Joe Sandbox Cloud Basic Analysis Report

Loading Joe Sandbox Report ...

Edit tour

Windows Analysis Report
https://ubc.zoom.us/j/2243567901?pwd=ak1XbmprdFBUQnRZOWszWU91VHdyUT09

Overview

General Information

Sample URL:https://ubc.zoom.us/j/2243567901?pwd=ak1XbmprdFBUQnRZOWszWU91VHdyUT09
Analysis ID:1587177
Infos:

Detection

Score:52
Range:0 - 100
Whitelisted:false
Confidence:100%

Signatures

Queries sensitive disk information (via WMI, Win32_DiskDrive, often done to detect virtual machines)
Queries sensitive service information (via WMI, Win32_LogicalDisk, often done to detect sandboxes)
Tries to delay execution (extensive OutputDebugStringW loop)
Contains capabilities to detect virtual machines
Creates a process in suspended mode (likely to inject code)
Detected non-DNS traffic on DNS port
Drops PE files
Found a high number of Window / User specific system calls (may be a loop to detect user behavior)
Found dropped PE file which has not been started or loaded
May sleep (evasive loops) to hinder dynamic analysis
Monitors certain registry keys / values for changes (often done to protect autostart functionality)
Queries sensitive BIOS Information (via WMI, Win32_Bios & Win32_BaseBoard, often done to detect virtual machines)
Queries sensitive Operating System Information (via WMI, Win32_ComputerSystem, often done to detect virtual machines)
Queries sensitive processor information (via WMI, Win32_Processor, often done to detect virtual machines)
Queries the volume information (name, serial number etc) of a device
Stores files to the Windows start menu directory
Tries to disable installed Antivirus / HIPS / PFW
Very long cmdline option found, this is very uncommon (may be encrypted or packed)

Classification

Process Tree

  • System is w10x64_ra
  • chrome.exe (PID: 7112 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized "about:blank" MD5: 45DE480806D1B5D462A7DDE4DCEFC4E4)
    • chrome.exe (PID: 6280 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2164 --field-trial-handle=1920,i,10911561372752407795,12782074899666422176,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8 MD5: 45DE480806D1B5D462A7DDE4DCEFC4E4)
    • chrome.exe (PID: 7252 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=5868 --field-trial-handle=1920,i,10911561372752407795,12782074899666422176,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8 MD5: 45DE480806D1B5D462A7DDE4DCEFC4E4)
    • Zoom_cm_fotiZ9vvrZo4_mJGohcJr5Wi4nh-+oH9qDAdNxPgV4bAl8sJE@Ya299Uo3BvkVZYb-_ke7c3d59090895be7_.exe (PID: 7632 cmdline: "C:\Users\user\Downloads\Zoom_cm_fotiZ9vvrZo4_mJGohcJr5Wi4nh-+oH9qDAdNxPgV4bAl8sJE@Ya299Uo3BvkVZYb-_ke7c3d59090895be7_.exe" MD5: 84928D50CA36826F9190E141AA8F2CFB)
      • Zoom_cm_fotiZ9vvrZo4_mJGohcJr5Wi4nh-+oH9qDAdNxPgV4bAl8sJE@Ya299Uo3BvkVZYb-_ke7c3d59090895be7_.exe (PID: 7684 cmdline: "C:\Users\user\Downloads\Zoom_cm_fotiZ9vvrZo4_mJGohcJr5Wi4nh-+oH9qDAdNxPgV4bAl8sJE@Ya299Uo3BvkVZYb-_ke7c3d59090895be7_.exe" /normal.priviledge MD5: 84928D50CA36826F9190E141AA8F2CFB)
        • Installer.exe (PID: 8188 cmdline: "C:\Users\user\AppData\Roaming\Zoom\ZoomDownload\Installer.exe" ZInstaller --conf.mode=silent --ipc_wnd=262910 MD5: D143FF2D8254FDA992D42B9275374306)
          • Installer.exe (PID: 6360 cmdline: "C:\Users\user\AppData\Roaming\Zoom\ZoomDownload\Installer.exe" /addfwexception --bin_home="C:\Users\user\AppData\Roaming\Zoom\bin" MD5: D143FF2D8254FDA992D42B9275374306)
        • Zoom.exe (PID: 7636 cmdline: "C:\Users\user\AppData\Roaming\Zoom\bin\Zoom.exe" "--url=zoommtg://win.launch?h.domain=ubc.zoom.us&h.path=join&confid=dXNzPWNxa2x0dFJLV2NmVm95Rm9XRTIyWnpwaWo1dVpsZl9jVExhSUc0b2YwR1huZ2VOLUNhY21FdmtEaUt1Sks1SXBMMi1GZC05MnZobjVxUmoxaDhkT3gwbW9Ld1hGMEM5UzZSWXhpYmZxZ3pxSHRrQ25laUZlSXloaEZwRUJuT3A1VEtuZDlDSEJqeW0wRHhhS2pQUFR2U240ZEFmRFhyQUZfcVFycUEuTE9wZzF4dUZuN3ZtQUhfdyZ0aWQ9ZDg4NjA2OWJiZTU1NGMyNjlhMDA2NWMzOGUyNDRlNjA%3D&mcv=0.92.11227.0929&stype=0&zc=0&browser=chrome&action=join&confno=2243567901&pwd=ak1XbmprdFBUQnRZOWszWU91VHdyUT09" MD5: F481F25C82B2CD0302544AAB09BD7884)
          • Zoom.exe (PID: 4348 cmdline: "C:\Users\user\AppData\Roaming\Zoom\bin\Zoom.exe" --action=join --runaszvideo=TRUE MD5: F481F25C82B2CD0302544AAB09BD7884)
        • zm4221.tmp (PID: 7552 cmdline: "C:\Users\user\AppData\Local\Temp\zm4221.tmp" -DAF8C715436E44649F1312698287E6A5=C:\Users\user\Downloads\Zoom_cm_fotiZ9vvrZo4_mJGohcJr5Wi4nh-+oH9qDAdNxPgV4bAl8sJE@Ya299Uo3BvkVZYb-_ke7c3d59090895be7_.exe MD5: 84928D50CA36826F9190E141AA8F2CFB)
    • Zoom.exe (PID: 4060 cmdline: "C:\Users\user\AppData\Roaming\Zoom\bin\Zoom.exe" "--url=zoommtg://ubc.zoom.us/join?action=join&confno=2243567901&pwd=ak1XbmprdFBUQnRZOWszWU91VHdyUT09&confid=dXRpZD1VVElEX2MyZWZmOTYwYmQ5NzQyZmJiMDU5YWI0OTJlNGI1ZDcwJnVzcz1jcWtsdHRSS1djZlZveUZvV0UyMlp6cGlqNXVabGZfY1RMYUlHNG9mMEdYbmdlTi1DYWNtRXZrRGlLdUpLNUlwTDItRmQtOTJ2aG41cVJqMWg4ZE94MG1vS3dYRjBDOVM2Ull4aWJmcWd6cUh0a0NuZWlGZUl5aGhGcEVCbk9wNVRLbmQ5Q0hCanltMER4YUtqUFBUdlNuNGRBZkRYckFGX3FRcnFBLkxPcGcxeHVGbjd2bUFIX3cmdGlkPWQ4ODYwNjliYmU1NTRjMjY5YTAwNjVjMzhlMjQ0ZTYw&browser=chrome" MD5: F481F25C82B2CD0302544AAB09BD7884)
  • chrome.exe (PID: 4540 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" "https://ubc.zoom.us/j/2243567901?pwd=ak1XbmprdFBUQnRZOWszWU91VHdyUT09" MD5: 45DE480806D1B5D462A7DDE4DCEFC4E4)
  • rundll32.exe (PID: 8080 cmdline: C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding MD5: EF3179D498793BF4234F708D3BE28633)
  • notepad.exe (PID: 8124 cmdline: "C:\Windows\system32\NOTEPAD.EXE" C:\Users\user\Downloads\zopener_8a4800ea0a3f43f4bafd7706c1a4e7ee.log MD5: 27F71B12CB585541885A31BE22F61C83)
  • cleanup

Yara Signatures

No yara matches

Sigma Signatures

Sigma detected: Modification of IE Registry Settings
Source: Registry Key setAuthor: frack113: Data: Details: , EventID: 13, EventType: SetValue, Image: C:\Users\user\AppData\Roaming\Zoom\ZoomDownload\Installer.exe, ProcessId: 8188, TargetObject: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\User Agent\Post Platform\Zoom 3.6.0

Suricata Signatures

No Suricata rule has matched

Joe Sandbox Signatures

Click to jump to signature section

Show All Signature Results
Source: https://ubc.zoom.us/j/2243567901?pwd=ak1XbmprdFBUQnRZOWszWU91VHdyUT09#successHTTP Parser: No favicon
Source: https://ubc.zoom.us/j/2243567901?pwd=ak1XbmprdFBUQnRZOWszWU91VHdyUT09#successHTTP Parser: No favicon
Source: C:\Users\user\AppData\Roaming\Zoom\ZoomDownload\Installer.exeRegistry value created: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_BROWSER_EMULATION Zoom.exe
Source: C:\Users\user\AppData\Roaming\Zoom\ZoomDownload\Installer.exeRegistry value created: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\ZoomUMX
Source: C:\Users\user\AppData\Roaming\Zoom\ZoomDownload\Installer.exeFile created: C:\Users\user\AppData\Roaming\Zoom\installer.txt
Source: C:\Users\user\AppData\Roaming\Zoom\ZoomDownload\Installer.exeFile created: C:\Users\user\AppData\Roaming\Zoom\zoom_install_src\directui_license.txt
Source: C:\Users\user\AppData\Roaming\Zoom\ZoomDownload\Installer.exeFile created: C:\Users\user\AppData\Roaming\Zoom\zoom_install_src\duilib_license.txt
Source: C:\Users\user\AppData\Roaming\Zoom\ZoomDownload\Installer.exeFile created: C:\Users\user\AppData\Roaming\Zoom\zoom_install_src\nanosvg_LICENSE.txt
Source: C:\Users\user\AppData\Roaming\Zoom\ZoomDownload\Installer.exeFile created: C:\Users\user\AppData\Roaming\Zoom\tmp_bin\directui_license.txt
Source: C:\Users\user\AppData\Roaming\Zoom\ZoomDownload\Installer.exeFile created: C:\Users\user\AppData\Roaming\Zoom\tmp_bin\duilib_license.txt
Source: C:\Users\user\AppData\Roaming\Zoom\ZoomDownload\Installer.exeFile created: C:\Users\user\AppData\Roaming\Zoom\tmp_bin\nanosvg_LICENSE.txt
Source: unknownHTTPS traffic detected: 23.56.254.164:443 -> 192.168.2.16:49713 version: TLS 1.2
Source: unknownHTTPS traffic detected: 23.56.254.164:443 -> 192.168.2.16:49722 version: TLS 1.2
Source: unknownHTTPS traffic detected: 4.245.163.56:443 -> 192.168.2.16:49734 version: TLS 1.2
Source: unknownHTTPS traffic detected: 170.114.52.10:443 -> 192.168.2.16:49735 version: TLS 1.2
Source: unknownHTTPS traffic detected: 170.114.46.1:443 -> 192.168.2.16:49737 version: TLS 1.2
Source: unknownHTTPS traffic detected: 4.245.163.56:443 -> 192.168.2.16:61319 version: TLS 1.2
Source: C:\Users\user\AppData\Roaming\Zoom\ZoomDownload\Installer.exeFile opened: C:\Users\user
Source: C:\Users\user\AppData\Roaming\Zoom\ZoomDownload\Installer.exeFile opened: C:\Users\user\AppData\Roaming
Source: C:\Users\user\AppData\Roaming\Zoom\ZoomDownload\Installer.exeFile opened: C:\Users\user\AppData\Roaming\Zoom\uninstall\Installer.exe
Source: C:\Users\user\AppData\Roaming\Zoom\ZoomDownload\Installer.exeFile opened: C:\Users\user\AppData\Roaming\Zoom\uninstall
Source: C:\Users\user\AppData\Roaming\Zoom\ZoomDownload\Installer.exeFile opened: C:\Users\user\AppData\Roaming\Zoom
Source: C:\Users\user\AppData\Roaming\Zoom\ZoomDownload\Installer.exeFile opened: C:\Users\user\AppData
Source: global trafficTCP traffic: 192.168.2.16:61317 -> 1.1.1.1:53
Source: global trafficTCP traffic: 192.168.2.16:61317 -> 1.1.1.1:53
Source: global trafficTCP traffic: 192.168.2.16:61317 -> 1.1.1.1:53
Source: global trafficTCP traffic: 192.168.2.16:61317 -> 1.1.1.1:53
Source: global trafficTCP traffic: 192.168.2.16:61317 -> 1.1.1.1:53
Source: global trafficTCP traffic: 192.168.2.16:61317 -> 1.1.1.1:53
Source: global trafficTCP traffic: 192.168.2.16:61317 -> 1.1.1.1:53
Source: unknownTCP traffic detected without corresponding DNS query: 204.79.197.203
Source: unknownTCP traffic detected without corresponding DNS query: 204.79.197.203
Source: unknownTCP traffic detected without corresponding DNS query: 204.79.197.203
Source: unknownTCP traffic detected without corresponding DNS query: 204.79.197.203
Source: unknownTCP traffic detected without corresponding DNS query: 192.229.211.108
Source: unknownTCP traffic detected without corresponding DNS query: 204.79.197.203
Source: unknownTCP traffic detected without corresponding DNS query: 23.56.254.164
Source: unknownTCP traffic detected without corresponding DNS query: 23.56.254.164
Source: unknownTCP traffic detected without corresponding DNS query: 23.56.254.164
Source: unknownTCP traffic detected without corresponding DNS query: 23.56.254.164
Source: unknownTCP traffic detected without corresponding DNS query: 23.56.254.164
Source: unknownTCP traffic detected without corresponding DNS query: 23.56.254.164
Source: unknownTCP traffic detected without corresponding DNS query: 23.56.254.164
Source: unknownTCP traffic detected without corresponding DNS query: 23.56.254.164
Source: unknownTCP traffic detected without corresponding DNS query: 23.56.254.164
Source: unknownTCP traffic detected without corresponding DNS query: 23.56.254.164
Source: unknownTCP traffic detected without corresponding DNS query: 23.56.254.164
Source: unknownTCP traffic detected without corresponding DNS query: 23.56.254.164
Source: unknownTCP traffic detected without corresponding DNS query: 23.56.254.164
Source: unknownTCP traffic detected without corresponding DNS query: 20.189.173.10
Source: unknownTCP traffic detected without corresponding DNS query: 23.56.254.164
Source: unknownTCP traffic detected without corresponding DNS query: 23.56.254.164
Source: unknownTCP traffic detected without corresponding DNS query: 23.56.254.164
Source: unknownTCP traffic detected without corresponding DNS query: 20.189.173.10
Source: unknownTCP traffic detected without corresponding DNS query: 23.56.254.164
Source: unknownTCP traffic detected without corresponding DNS query: 23.56.254.164
Source: unknownTCP traffic detected without corresponding DNS query: 23.56.254.164
Source: unknownTCP traffic detected without corresponding DNS query: 20.189.173.10
Source: unknownTCP traffic detected without corresponding DNS query: 204.79.197.203
Source: unknownTCP traffic detected without corresponding DNS query: 20.189.173.10
Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
Source: global trafficDNS traffic detected: DNS query: ubc.zoom.us
Source: global trafficDNS traffic detected: DNS query: st2.zoom.us
Source: global trafficDNS traffic detected: DNS query: us01ccistatic.zoom.us
Source: global trafficDNS traffic detected: DNS query: cdn.cookielaw.org
Source: global trafficDNS traffic detected: DNS query: log-gateway.zoom.us
Source: global trafficDNS traffic detected: DNS query: ca01st3.zoom.us
Source: global trafficDNS traffic detected: DNS query: www.google.com
Source: global trafficDNS traffic detected: DNS query: geolocation.onetrust.com
Source: global trafficDNS traffic detected: DNS query: cdn.zoom.us
Source: global trafficDNS traffic detected: DNS query: zoom.us
Source: global trafficDNS traffic detected: DNS query: www3.zoom.us
Source: global trafficDNS traffic detected: DNS query: st1.zoom.us
Source: global trafficDNS traffic detected: DNS query: ca01st1.zoom.us
Source: global trafficDNS traffic detected: DNS query: ca01st2.zoom.us
Source: unknownNetwork traffic detected: HTTP traffic on port 49708 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 61327 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 61333 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 61356 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 61347
Source: unknownNetwork traffic detected: HTTP traffic on port 49720 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 61342 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 61348
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 61349
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 61340
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49739
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 61341
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49738
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 61342
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49737
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 61343
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49736
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 61344
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49735
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 61345
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49734
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 61346
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49733
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49732
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49731
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49730
Source: unknownNetwork traffic detected: HTTP traffic on port 49732 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 61330 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49711 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 61351 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 61324 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49728 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 61339 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 61345 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 61350
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49729
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 61351
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49728
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 61352
Source: unknownNetwork traffic detected: HTTP traffic on port 49714 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49727
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 61353
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49726
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 61354
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49725
Source: unknownNetwork traffic detected: HTTP traffic on port 49735 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 61355
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49724
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 61356
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49723
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49722
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49721
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49720
Source: unknownNetwork traffic detected: HTTP traffic on port 49731 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49712 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 61335 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 61329 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 61354 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49729 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 61321 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 61340 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49719
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49718
Source: unknownNetwork traffic detected: HTTP traffic on port 61348 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49715 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49716
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49715
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49714
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49713
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49712
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49711
Source: unknownNetwork traffic detected: HTTP traffic on port 49709 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49710
Source: unknownNetwork traffic detected: HTTP traffic on port 49734 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 61332 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 61326 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49726 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 61343 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49723 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49709
Source: unknownNetwork traffic detected: HTTP traffic on port 61337 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49708
Source: unknownNetwork traffic detected: HTTP traffic on port 49737 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49733 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49710 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 61352 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49727 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 61323 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 61346 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49713 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49736 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 61355 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 61334 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 61328 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49724 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49721 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 61319
Source: unknownNetwork traffic detected: HTTP traffic on port 61341 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 61349 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49718 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49739 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 61331 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49678 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 61325 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49725 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 61325
Source: unknownNetwork traffic detected: HTTP traffic on port 49719 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 61326
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 61327
Source: unknownNetwork traffic detected: HTTP traffic on port 49722 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 61328
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 61329
Source: unknownNetwork traffic detected: HTTP traffic on port 61319 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 61338 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 61344 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 61321
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 61323
Source: unknownNetwork traffic detected: HTTP traffic on port 49738 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 61324
Source: unknownNetwork traffic detected: HTTP traffic on port 49673 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49730 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 61336 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 61353 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 61336
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 61337
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 61338
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 61339
Source: unknownNetwork traffic detected: HTTP traffic on port 61347 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 61350 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49716 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 61330
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 61331
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 61332
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 61333
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 61334
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 61335
Source: unknownHTTPS traffic detected: 23.56.254.164:443 -> 192.168.2.16:49713 version: TLS 1.2
Source: unknownHTTPS traffic detected: 23.56.254.164:443 -> 192.168.2.16:49722 version: TLS 1.2
Source: unknownHTTPS traffic detected: 4.245.163.56:443 -> 192.168.2.16:49734 version: TLS 1.2
Source: unknownHTTPS traffic detected: 170.114.52.10:443 -> 192.168.2.16:49735 version: TLS 1.2
Source: unknownHTTPS traffic detected: 170.114.46.1:443 -> 192.168.2.16:49737 version: TLS 1.2
Source: unknownHTTPS traffic detected: 4.245.163.56:443 -> 192.168.2.16:61319 version: TLS 1.2
Source: classification engineClassification label: mal52.evad.win@38/229@42/130
Source: C:\Program Files\Google\Chrome\Application\chrome.exeFile created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps
Source: C:\Users\user\Downloads\Zoom_cm_fotiZ9vvrZo4_mJGohcJr5Wi4nh-+oH9qDAdNxPgV4bAl8sJE@Ya299Uo3BvkVZYb-_ke7c3d59090895be7_.exeMutant created: \Sessions\1\BaseNamedObjects\Global\C:/Users/user/Downloads/zopener_8a4800ea0a3f43f4bafd7706c1a4e7ee.log
Source: C:\Users\user\AppData\Roaming\Zoom\ZoomDownload\Installer.exeMutant created: \Sessions\1\BaseNamedObjects\zoom.us Installer Mutex 1.0.0.0
Source: C:\Users\user\Downloads\Zoom_cm_fotiZ9vvrZo4_mJGohcJr5Wi4nh-+oH9qDAdNxPgV4bAl8sJE@Ya299Uo3BvkVZYb-_ke7c3d59090895be7_.exeMutant created: \Sessions\1\BaseNamedObjects\Global\ZOpener.user.launcher
Source: C:\Users\user\Downloads\Zoom_cm_fotiZ9vvrZo4_mJGohcJr5Wi4nh-+oH9qDAdNxPgV4bAl8sJE@Ya299Uo3BvkVZYb-_ke7c3d59090895be7_.exeFile created: C:\Users\user\AppData\Local\Temp\zm4221.tmp
Source: C:\Users\user\AppData\Roaming\Zoom\bin\Zoom.exeWMI Queries: IWbemServices::ExecQuery - ROOT\CIMV2 : SELECT * FROM Win32_Process where name = "Zoom.exe"
Source: C:\Users\user\AppData\Roaming\Zoom\bin\Zoom.exeWMI Queries: IWbemServices::ExecQuery - ROOT\CIMV2 : Select MaxClockSpeed,Manufacturer,Name,Version,Description,CurrentClockSpeed from Win32_Processor
Source: C:\Users\user\AppData\Roaming\Zoom\bin\Zoom.exeWMI Queries: IWbemServices::ExecQuery - ROOT\CIMV2 : SELECT * FROM Win32_Process where name = "Zoom.exe"
Source: C:\Users\user\AppData\Roaming\Zoom\bin\Zoom.exeWMI Queries: IWbemServices::ExecQuery - ROOT\CIMV2 : Select MaxClockSpeed,Manufacturer,Name,Version,Description,CurrentClockSpeed from Win32_Processor
Source: C:\Users\user\AppData\Roaming\Zoom\bin\Zoom.exeWMI Queries: IWbemServices::ExecQuery - ROOT\CIMV2 : SELECT * FROM Win32_Process where name = "Zoom.exe"
Source: C:\Users\user\AppData\Roaming\Zoom\bin\Zoom.exeWMI Queries: IWbemServices::ExecQuery - ROOT\CIMV2 : Select MaxClockSpeed,Manufacturer,Name,Version,Description,CurrentClockSpeed from Win32_Processor
Source: C:\Users\user\AppData\Roaming\Zoom\bin\Zoom.exeWMI Queries: IWbemServices::ExecQuery - ROOT\CIMV2 : Select MaxClockSpeed,Manufacturer,Name,Version,Description,CurrentClockSpeed from Win32_Processor
Source: C:\Users\user\Downloads\Zoom_cm_fotiZ9vvrZo4_mJGohcJr5Wi4nh-+oH9qDAdNxPgV4bAl8sJE@Ya299Uo3BvkVZYb-_ke7c3d59090895be7_.exeFile read: C:\Users\user\Desktop\desktop.ini
Source: C:\Users\user\Downloads\Zoom_cm_fotiZ9vvrZo4_mJGohcJr5Wi4nh-+oH9qDAdNxPgV4bAl8sJE@Ya299Uo3BvkVZYb-_ke7c3d59090895be7_.exeKey opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers
Source: unknownProcess created: C:\Windows\System32\rundll32.exe C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
Source: unknownProcess created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized "about:blank"
Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2164 --field-trial-handle=1920,i,10911561372752407795,12782074899666422176,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8
Source: unknownProcess created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" "https://ubc.zoom.us/j/2243567901?pwd=ak1XbmprdFBUQnRZOWszWU91VHdyUT09"
Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=5868 --field-trial-handle=1920,i,10911561372752407795,12782074899666422176,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8
Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2164 --field-trial-handle=1920,i,10911561372752407795,12782074899666422176,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8
Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=5868 --field-trial-handle=1920,i,10911561372752407795,12782074899666422176,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8
Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: C:\Users\user\Downloads\Zoom_cm_fotiZ9vvrZo4_mJGohcJr5Wi4nh-+oH9qDAdNxPgV4bAl8sJE@Ya299Uo3BvkVZYb-_ke7c3d59090895be7_.exe "C:\Users\user\Downloads\Zoom_cm_fotiZ9vvrZo4_mJGohcJr5Wi4nh-+oH9qDAdNxPgV4bAl8sJE@Ya299Uo3BvkVZYb-_ke7c3d59090895be7_.exe"
Source: C:\Users\user\Downloads\Zoom_cm_fotiZ9vvrZo4_mJGohcJr5Wi4nh-+oH9qDAdNxPgV4bAl8sJE@Ya299Uo3BvkVZYb-_ke7c3d59090895be7_.exeProcess created: C:\Users\user\Downloads\Zoom_cm_fotiZ9vvrZo4_mJGohcJr5Wi4nh-+oH9qDAdNxPgV4bAl8sJE@Ya299Uo3BvkVZYb-_ke7c3d59090895be7_.exe "C:\Users\user\Downloads\Zoom_cm_fotiZ9vvrZo4_mJGohcJr5Wi4nh-+oH9qDAdNxPgV4bAl8sJE@Ya299Uo3BvkVZYb-_ke7c3d59090895be7_.exe" /normal.priviledge
Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: C:\Users\user\Downloads\Zoom_cm_fotiZ9vvrZo4_mJGohcJr5Wi4nh-+oH9qDAdNxPgV4bAl8sJE@Ya299Uo3BvkVZYb-_ke7c3d59090895be7_.exe "C:\Users\user\Downloads\Zoom_cm_fotiZ9vvrZo4_mJGohcJr5Wi4nh-+oH9qDAdNxPgV4bAl8sJE@Ya299Uo3BvkVZYb-_ke7c3d59090895be7_.exe"
Source: unknownProcess created: C:\Windows\System32\rundll32.exe C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
Source: unknownProcess created: C:\Windows\System32\notepad.exe "C:\Windows\system32\NOTEPAD.EXE" C:\Users\user\Downloads\zopener_8a4800ea0a3f43f4bafd7706c1a4e7ee.log
Source: C:\Users\user\Downloads\Zoom_cm_fotiZ9vvrZo4_mJGohcJr5Wi4nh-+oH9qDAdNxPgV4bAl8sJE@Ya299Uo3BvkVZYb-_ke7c3d59090895be7_.exeProcess created: C:\Users\user\AppData\Roaming\Zoom\ZoomDownload\Installer.exe "C:\Users\user\AppData\Roaming\Zoom\ZoomDownload\Installer.exe" ZInstaller --conf.mode=silent --ipc_wnd=262910
Source: C:\Users\user\Downloads\Zoom_cm_fotiZ9vvrZo4_mJGohcJr5Wi4nh-+oH9qDAdNxPgV4bAl8sJE@Ya299Uo3BvkVZYb-_ke7c3d59090895be7_.exeProcess created: C:\Users\user\AppData\Roaming\Zoom\ZoomDownload\Installer.exe "C:\Users\user\AppData\Roaming\Zoom\ZoomDownload\Installer.exe" ZInstaller --conf.mode=silent --ipc_wnd=262910
Source: C:\Users\user\AppData\Roaming\Zoom\ZoomDownload\Installer.exeProcess created: C:\Users\user\AppData\Roaming\Zoom\ZoomDownload\Installer.exe "C:\Users\user\AppData\Roaming\Zoom\ZoomDownload\Installer.exe" /addfwexception --bin_home="C:\Users\user\AppData\Roaming\Zoom\bin"
Source: C:\Users\user\Downloads\Zoom_cm_fotiZ9vvrZo4_mJGohcJr5Wi4nh-+oH9qDAdNxPgV4bAl8sJE@Ya299Uo3BvkVZYb-_ke7c3d59090895be7_.exeProcess created: C:\Users\user\AppData\Roaming\Zoom\bin\Zoom.exe "C:\Users\user\AppData\Roaming\Zoom\bin\Zoom.exe" "--url=zoommtg://win.launch?h.domain=ubc.zoom.us&h.path=join&confid=dXNzPWNxa2x0dFJLV2NmVm95Rm9XRTIyWnpwaWo1dVpsZl9jVExhSUc0b2YwR1huZ2VOLUNhY21FdmtEaUt1Sks1SXBMMi1GZC05MnZobjVxUmoxaDhkT3gwbW9Ld1hGMEM5UzZSWXhpYmZxZ3pxSHRrQ25laUZlSXloaEZwRUJuT3A1VEtuZDlDSEJqeW0wRHhhS2pQUFR2U240ZEFmRFhyQUZfcVFycUEuTE9wZzF4dUZuN3ZtQUhfdyZ0aWQ9ZDg4NjA2OWJiZTU1NGMyNjlhMDA2NWMzOGUyNDRlNjA%3D&mcv=0.92.11227.0929&stype=0&zc=0&browser=chrome&action=join&confno=2243567901&pwd=ak1XbmprdFBUQnRZOWszWU91VHdyUT09"
Source: C:\Users\user\Downloads\Zoom_cm_fotiZ9vvrZo4_mJGohcJr5Wi4nh-+oH9qDAdNxPgV4bAl8sJE@Ya299Uo3BvkVZYb-_ke7c3d59090895be7_.exeProcess created: C:\Users\user\AppData\Local\Temp\zm4221.tmp "C:\Users\user\AppData\Local\Temp\zm4221.tmp" -DAF8C715436E44649F1312698287E6A5=C:\Users\user\Downloads\Zoom_cm_fotiZ9vvrZo4_mJGohcJr5Wi4nh-+oH9qDAdNxPgV4bAl8sJE@Ya299Uo3BvkVZYb-_ke7c3d59090895be7_.exe
Source: C:\Users\user\AppData\Roaming\Zoom\bin\Zoom.exeProcess created: C:\Users\user\AppData\Roaming\Zoom\bin\Zoom.exe "C:\Users\user\AppData\Roaming\Zoom\bin\Zoom.exe" --action=join --runaszvideo=TRUE
Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: C:\Users\user\AppData\Roaming\Zoom\bin\Zoom.exe "C:\Users\user\AppData\Roaming\Zoom\bin\Zoom.exe" "--url=zoommtg://ubc.zoom.us/join?action=join&confno=2243567901&pwd=ak1XbmprdFBUQnRZOWszWU91VHdyUT09&confid=dXRpZD1VVElEX2MyZWZmOTYwYmQ5NzQyZmJiMDU5YWI0OTJlNGI1ZDcwJnVzcz1jcWtsdHRSS1djZlZveUZvV0UyMlp6cGlqNXVabGZfY1RMYUlHNG9mMEdYbmdlTi1DYWNtRXZrRGlLdUpLNUlwTDItRmQtOTJ2aG41cVJqMWg4ZE94MG1vS3dYRjBDOVM2Ull4aWJmcWd6cUh0a0NuZWlGZUl5aGhGcEVCbk9wNVRLbmQ5Q0hCanltMER4YUtqUFBUdlNuNGRBZkRYckFGX3FRcnFBLkxPcGcxeHVGbjd2bUFIX3cmdGlkPWQ4ODYwNjliYmU1NTRjMjY5YTAwNjVjMzhlMjQ0ZTYw&browser=chrome"
Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: C:\Users\user\AppData\Roaming\Zoom\bin\Zoom.exe "C:\Users\user\AppData\Roaming\Zoom\bin\Zoom.exe" "--url=zoommtg://ubc.zoom.us/join?action=join&confno=2243567901&pwd=ak1XbmprdFBUQnRZOWszWU91VHdyUT09&confid=dXRpZD1VVElEX2MyZWZmOTYwYmQ5NzQyZmJiMDU5YWI0OTJlNGI1ZDcwJnVzcz1jcWtsdHRSS1djZlZveUZvV0UyMlp6cGlqNXVabGZfY1RMYUlHNG9mMEdYbmdlTi1DYWNtRXZrRGlLdUpLNUlwTDItRmQtOTJ2aG41cVJqMWg4ZE94MG1vS3dYRjBDOVM2Ull4aWJmcWd6cUh0a0NuZWlGZUl5aGhGcEVCbk9wNVRLbmQ5Q0hCanltMER4YUtqUFBUdlNuNGRBZkRYckFGX3FRcnFBLkxPcGcxeHVGbjd2bUFIX3cmdGlkPWQ4ODYwNjliYmU1NTRjMjY5YTAwNjVjMzhlMjQ0ZTYw&browser=chrome"
Source: C:\Users\user\Downloads\Zoom_cm_fotiZ9vvrZo4_mJGohcJr5Wi4nh-+oH9qDAdNxPgV4bAl8sJE@Ya299Uo3BvkVZYb-_ke7c3d59090895be7_.exeProcess created: C:\Users\user\AppData\Roaming\Zoom\bin\Zoom.exe "C:\Users\user\AppData\Roaming\Zoom\bin\Zoom.exe" "--url=zoommtg://win.launch?h.domain=ubc.zoom.us&h.path=join&confid=dXNzPWNxa2x0dFJLV2NmVm95Rm9XRTIyWnpwaWo1dVpsZl9jVExhSUc0b2YwR1huZ2VOLUNhY21FdmtEaUt1Sks1SXBMMi1GZC05MnZobjVxUmoxaDhkT3gwbW9Ld1hGMEM5UzZSWXhpYmZxZ3pxSHRrQ25laUZlSXloaEZwRUJuT3A1VEtuZDlDSEJqeW0wRHhhS2pQUFR2U240ZEFmRFhyQUZfcVFycUEuTE9wZzF4dUZuN3ZtQUhfdyZ0aWQ9ZDg4NjA2OWJiZTU1NGMyNjlhMDA2NWMzOGUyNDRlNjA%3D&mcv=0.92.11227.0929&stype=0&zc=0&browser=chrome&action=join&confno=2243567901&pwd=ak1XbmprdFBUQnRZOWszWU91VHdyUT09"
Source: C:\Users\user\Downloads\Zoom_cm_fotiZ9vvrZo4_mJGohcJr5Wi4nh-+oH9qDAdNxPgV4bAl8sJE@Ya299Uo3BvkVZYb-_ke7c3d59090895be7_.exeProcess created: C:\Users\user\AppData\Local\Temp\zm4221.tmp "C:\Users\user\AppData\Local\Temp\zm4221.tmp" -DAF8C715436E44649F1312698287E6A5=C:\Users\user\Downloads\Zoom_cm_fotiZ9vvrZo4_mJGohcJr5Wi4nh-+oH9qDAdNxPgV4bAl8sJE@Ya299Uo3BvkVZYb-_ke7c3d59090895be7_.exe
Source: C:\Users\user\AppData\Roaming\Zoom\bin\Zoom.exeProcess created: C:\Users\user\AppData\Roaming\Zoom\bin\Zoom.exe "C:\Users\user\AppData\Roaming\Zoom\bin\Zoom.exe" --action=join --runaszvideo=TRUE
Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: unknown unknown
Source: C:\Users\user\Downloads\Zoom_cm_fotiZ9vvrZo4_mJGohcJr5Wi4nh-+oH9qDAdNxPgV4bAl8sJE@Ya299Uo3BvkVZYb-_ke7c3d59090895be7_.exeSection loaded: apphelp.dll
Source: C:\Users\user\Downloads\Zoom_cm_fotiZ9vvrZo4_mJGohcJr5Wi4nh-+oH9qDAdNxPgV4bAl8sJE@Ya299Uo3BvkVZYb-_ke7c3d59090895be7_.exeSection loaded: sspicli.dll
Source: C:\Users\user\Downloads\Zoom_cm_fotiZ9vvrZo4_mJGohcJr5Wi4nh-+oH9qDAdNxPgV4bAl8sJE@Ya299Uo3BvkVZYb-_ke7c3d59090895be7_.exeSection loaded: uxtheme.dll
Source: C:\Users\user\Downloads\Zoom_cm_fotiZ9vvrZo4_mJGohcJr5Wi4nh-+oH9qDAdNxPgV4bAl8sJE@Ya299Uo3BvkVZYb-_ke7c3d59090895be7_.exeSection loaded: kernel.appcore.dll
Source: C:\Users\user\Downloads\Zoom_cm_fotiZ9vvrZo4_mJGohcJr5Wi4nh-+oH9qDAdNxPgV4bAl8sJE@Ya299Uo3BvkVZYb-_ke7c3d59090895be7_.exeSection loaded: textinputframework.dll
Source: C:\Users\user\Downloads\Zoom_cm_fotiZ9vvrZo4_mJGohcJr5Wi4nh-+oH9qDAdNxPgV4bAl8sJE@Ya299Uo3BvkVZYb-_ke7c3d59090895be7_.exeSection loaded: coreuicomponents.dll
Source: C:\Users\user\Downloads\Zoom_cm_fotiZ9vvrZo4_mJGohcJr5Wi4nh-+oH9qDAdNxPgV4bAl8sJE@Ya299Uo3BvkVZYb-_ke7c3d59090895be7_.exeSection loaded: coremessaging.dll
Source: C:\Users\user\Downloads\Zoom_cm_fotiZ9vvrZo4_mJGohcJr5Wi4nh-+oH9qDAdNxPgV4bAl8sJE@Ya299Uo3BvkVZYb-_ke7c3d59090895be7_.exeSection loaded: ntmarta.dll
Source: C:\Users\user\Downloads\Zoom_cm_fotiZ9vvrZo4_mJGohcJr5Wi4nh-+oH9qDAdNxPgV4bAl8sJE@Ya299Uo3BvkVZYb-_ke7c3d59090895be7_.exeSection loaded: wintypes.dll
Source: C:\Users\user\Downloads\Zoom_cm_fotiZ9vvrZo4_mJGohcJr5Wi4nh-+oH9qDAdNxPgV4bAl8sJE@Ya299Uo3BvkVZYb-_ke7c3d59090895be7_.exeSection loaded: wintypes.dll
Source: C:\Users\user\Downloads\Zoom_cm_fotiZ9vvrZo4_mJGohcJr5Wi4nh-+oH9qDAdNxPgV4bAl8sJE@Ya299Uo3BvkVZYb-_ke7c3d59090895be7_.exeSection loaded: wintypes.dll
Source: C:\Users\user\Downloads\Zoom_cm_fotiZ9vvrZo4_mJGohcJr5Wi4nh-+oH9qDAdNxPgV4bAl8sJE@Ya299Uo3BvkVZYb-_ke7c3d59090895be7_.exeSection loaded: wininet.dll
Source: C:\Users\user\Downloads\Zoom_cm_fotiZ9vvrZo4_mJGohcJr5Wi4nh-+oH9qDAdNxPgV4bAl8sJE@Ya299Uo3BvkVZYb-_ke7c3d59090895be7_.exeSection loaded: iertutil.dll
Source: C:\Users\user\Downloads\Zoom_cm_fotiZ9vvrZo4_mJGohcJr5Wi4nh-+oH9qDAdNxPgV4bAl8sJE@Ya299Uo3BvkVZYb-_ke7c3d59090895be7_.exeSection loaded: windows.storage.dll
Source: C:\Users\user\Downloads\Zoom_cm_fotiZ9vvrZo4_mJGohcJr5Wi4nh-+oH9qDAdNxPgV4bAl8sJE@Ya299Uo3BvkVZYb-_ke7c3d59090895be7_.exeSection loaded: wldp.dll
Source: C:\Users\user\Downloads\Zoom_cm_fotiZ9vvrZo4_mJGohcJr5Wi4nh-+oH9qDAdNxPgV4bAl8sJE@Ya299Uo3BvkVZYb-_ke7c3d59090895be7_.exeSection loaded: profapi.dll
Source: C:\Users\user\Downloads\Zoom_cm_fotiZ9vvrZo4_mJGohcJr5Wi4nh-+oH9qDAdNxPgV4bAl8sJE@Ya299Uo3BvkVZYb-_ke7c3d59090895be7_.exeSection loaded: textshaping.dll
Source: C:\Users\user\Downloads\Zoom_cm_fotiZ9vvrZo4_mJGohcJr5Wi4nh-+oH9qDAdNxPgV4bAl8sJE@Ya299Uo3BvkVZYb-_ke7c3d59090895be7_.exeSection loaded: ondemandconnroutehelper.dll
Source: C:\Users\user\Downloads\Zoom_cm_fotiZ9vvrZo4_mJGohcJr5Wi4nh-+oH9qDAdNxPgV4bAl8sJE@Ya299Uo3BvkVZYb-_ke7c3d59090895be7_.exeSection loaded: winhttp.dll
Source: C:\Users\user\Downloads\Zoom_cm_fotiZ9vvrZo4_mJGohcJr5Wi4nh-+oH9qDAdNxPgV4bAl8sJE@Ya299Uo3BvkVZYb-_ke7c3d59090895be7_.exeSection loaded: mswsock.dll
Source: C:\Users\user\Downloads\Zoom_cm_fotiZ9vvrZo4_mJGohcJr5Wi4nh-+oH9qDAdNxPgV4bAl8sJE@Ya299Uo3BvkVZYb-_ke7c3d59090895be7_.exeSection loaded: iphlpapi.dll
Source: C:\Users\user\Downloads\Zoom_cm_fotiZ9vvrZo4_mJGohcJr5Wi4nh-+oH9qDAdNxPgV4bAl8sJE@Ya299Uo3BvkVZYb-_ke7c3d59090895be7_.exeSection loaded: winnsi.dll
Source: C:\Users\user\Downloads\Zoom_cm_fotiZ9vvrZo4_mJGohcJr5Wi4nh-+oH9qDAdNxPgV4bAl8sJE@Ya299Uo3BvkVZYb-_ke7c3d59090895be7_.exeSection loaded: urlmon.dll
Source: C:\Users\user\Downloads\Zoom_cm_fotiZ9vvrZo4_mJGohcJr5Wi4nh-+oH9qDAdNxPgV4bAl8sJE@Ya299Uo3BvkVZYb-_ke7c3d59090895be7_.exeSection loaded: srvcli.dll
Source: C:\Users\user\Downloads\Zoom_cm_fotiZ9vvrZo4_mJGohcJr5Wi4nh-+oH9qDAdNxPgV4bAl8sJE@Ya299Uo3BvkVZYb-_ke7c3d59090895be7_.exeSection loaded: netutils.dll
Source: C:\Users\user\Downloads\Zoom_cm_fotiZ9vvrZo4_mJGohcJr5Wi4nh-+oH9qDAdNxPgV4bAl8sJE@Ya299Uo3BvkVZYb-_ke7c3d59090895be7_.exeSection loaded: dnsapi.dll
Source: C:\Users\user\Downloads\Zoom_cm_fotiZ9vvrZo4_mJGohcJr5Wi4nh-+oH9qDAdNxPgV4bAl8sJE@Ya299Uo3BvkVZYb-_ke7c3d59090895be7_.exeSection loaded: rasadhlp.dll
Source: C:\Users\user\Downloads\Zoom_cm_fotiZ9vvrZo4_mJGohcJr5Wi4nh-+oH9qDAdNxPgV4bAl8sJE@Ya299Uo3BvkVZYb-_ke7c3d59090895be7_.exeSection loaded: fwpuclnt.dll
Source: C:\Users\user\Downloads\Zoom_cm_fotiZ9vvrZo4_mJGohcJr5Wi4nh-+oH9qDAdNxPgV4bAl8sJE@Ya299Uo3BvkVZYb-_ke7c3d59090895be7_.exeSection loaded: schannel.dll
Source: C:\Users\user\Downloads\Zoom_cm_fotiZ9vvrZo4_mJGohcJr5Wi4nh-+oH9qDAdNxPgV4bAl8sJE@Ya299Uo3BvkVZYb-_ke7c3d59090895be7_.exeSection loaded: mskeyprotect.dll
Source: C:\Users\user\Downloads\Zoom_cm_fotiZ9vvrZo4_mJGohcJr5Wi4nh-+oH9qDAdNxPgV4bAl8sJE@Ya299Uo3BvkVZYb-_ke7c3d59090895be7_.exeSection loaded: ntasn1.dll
Source: C:\Users\user\Downloads\Zoom_cm_fotiZ9vvrZo4_mJGohcJr5Wi4nh-+oH9qDAdNxPgV4bAl8sJE@Ya299Uo3BvkVZYb-_ke7c3d59090895be7_.exeSection loaded: msasn1.dll
Source: C:\Users\user\Downloads\Zoom_cm_fotiZ9vvrZo4_mJGohcJr5Wi4nh-+oH9qDAdNxPgV4bAl8sJE@Ya299Uo3BvkVZYb-_ke7c3d59090895be7_.exeSection loaded: dpapi.dll
Source: C:\Users\user\Downloads\Zoom_cm_fotiZ9vvrZo4_mJGohcJr5Wi4nh-+oH9qDAdNxPgV4bAl8sJE@Ya299Uo3BvkVZYb-_ke7c3d59090895be7_.exeSection loaded: cryptsp.dll
Source: C:\Users\user\Downloads\Zoom_cm_fotiZ9vvrZo4_mJGohcJr5Wi4nh-+oH9qDAdNxPgV4bAl8sJE@Ya299Uo3BvkVZYb-_ke7c3d59090895be7_.exeSection loaded: rsaenh.dll
Source: C:\Users\user\Downloads\Zoom_cm_fotiZ9vvrZo4_mJGohcJr5Wi4nh-+oH9qDAdNxPgV4bAl8sJE@Ya299Uo3BvkVZYb-_ke7c3d59090895be7_.exeSection loaded: cryptbase.dll
Source: C:\Users\user\Downloads\Zoom_cm_fotiZ9vvrZo4_mJGohcJr5Wi4nh-+oH9qDAdNxPgV4bAl8sJE@Ya299Uo3BvkVZYb-_ke7c3d59090895be7_.exeSection loaded: gpapi.dll
Source: C:\Users\user\Downloads\Zoom_cm_fotiZ9vvrZo4_mJGohcJr5Wi4nh-+oH9qDAdNxPgV4bAl8sJE@Ya299Uo3BvkVZYb-_ke7c3d59090895be7_.exeSection loaded: ncrypt.dll
Source: C:\Users\user\Downloads\Zoom_cm_fotiZ9vvrZo4_mJGohcJr5Wi4nh-+oH9qDAdNxPgV4bAl8sJE@Ya299Uo3BvkVZYb-_ke7c3d59090895be7_.exeSection loaded: ncryptsslp.dll
Source: C:\Windows\System32\notepad.exeSection loaded: kernel.appcore.dll
Source: C:\Windows\System32\notepad.exeSection loaded: uxtheme.dll
Source: C:\Windows\System32\notepad.exeSection loaded: mrmcorer.dll
Source: C:\Windows\System32\notepad.exeSection loaded: windows.storage.dll
Source: C:\Windows\System32\notepad.exeSection loaded: wldp.dll
Source: C:\Windows\System32\notepad.exeSection loaded: textshaping.dll
Source: C:\Windows\System32\notepad.exeSection loaded: efswrt.dll
Source: C:\Windows\System32\notepad.exeSection loaded: mpr.dll
Source: C:\Windows\System32\notepad.exeSection loaded: wintypes.dll
Source: C:\Windows\System32\notepad.exeSection loaded: twinapi.appcore.dll
Source: C:\Windows\System32\notepad.exeSection loaded: oleacc.dll
Source: C:\Windows\System32\notepad.exeSection loaded: textinputframework.dll
Source: C:\Windows\System32\notepad.exeSection loaded: coreuicomponents.dll
Source: C:\Windows\System32\notepad.exeSection loaded: coremessaging.dll
Source: C:\Windows\System32\notepad.exeSection loaded: ntmarta.dll
Source: C:\Windows\System32\notepad.exeSection loaded: propsys.dll
Source: C:\Windows\System32\notepad.exeSection loaded: policymanager.dll
Source: C:\Windows\System32\notepad.exeSection loaded: msvcp110_win.dll
Source: C:\Users\user\Downloads\Zoom_cm_fotiZ9vvrZo4_mJGohcJr5Wi4nh-+oH9qDAdNxPgV4bAl8sJE@Ya299Uo3BvkVZYb-_ke7c3d59090895be7_.exeSection loaded: propsys.dll
Source: C:\Users\user\Downloads\Zoom_cm_fotiZ9vvrZo4_mJGohcJr5Wi4nh-+oH9qDAdNxPgV4bAl8sJE@Ya299Uo3BvkVZYb-_ke7c3d59090895be7_.exeSection loaded: edputil.dll
Source: C:\Users\user\Downloads\Zoom_cm_fotiZ9vvrZo4_mJGohcJr5Wi4nh-+oH9qDAdNxPgV4bAl8sJE@Ya299Uo3BvkVZYb-_ke7c3d59090895be7_.exeSection loaded: windows.staterepositoryps.dll
Source: C:\Users\user\Downloads\Zoom_cm_fotiZ9vvrZo4_mJGohcJr5Wi4nh-+oH9qDAdNxPgV4bAl8sJE@Ya299Uo3BvkVZYb-_ke7c3d59090895be7_.exeSection loaded: appresolver.dll
Source: C:\Users\user\Downloads\Zoom_cm_fotiZ9vvrZo4_mJGohcJr5Wi4nh-+oH9qDAdNxPgV4bAl8sJE@Ya299Uo3BvkVZYb-_ke7c3d59090895be7_.exeSection loaded: bcp47langs.dll
Source: C:\Users\user\Downloads\Zoom_cm_fotiZ9vvrZo4_mJGohcJr5Wi4nh-+oH9qDAdNxPgV4bAl8sJE@Ya299Uo3BvkVZYb-_ke7c3d59090895be7_.exeSection loaded: slc.dll
Source: C:\Users\user\Downloads\Zoom_cm_fotiZ9vvrZo4_mJGohcJr5Wi4nh-+oH9qDAdNxPgV4bAl8sJE@Ya299Uo3BvkVZYb-_ke7c3d59090895be7_.exeSection loaded: userenv.dll
Source: C:\Users\user\Downloads\Zoom_cm_fotiZ9vvrZo4_mJGohcJr5Wi4nh-+oH9qDAdNxPgV4bAl8sJE@Ya299Uo3BvkVZYb-_ke7c3d59090895be7_.exeSection loaded: sppc.dll
Source: C:\Users\user\Downloads\Zoom_cm_fotiZ9vvrZo4_mJGohcJr5Wi4nh-+oH9qDAdNxPgV4bAl8sJE@Ya299Uo3BvkVZYb-_ke7c3d59090895be7_.exeSection loaded: onecorecommonproxystub.dll
Source: C:\Users\user\Downloads\Zoom_cm_fotiZ9vvrZo4_mJGohcJr5Wi4nh-+oH9qDAdNxPgV4bAl8sJE@Ya299Uo3BvkVZYb-_ke7c3d59090895be7_.exeSection loaded: onecoreuapcommonproxystub.dll
Source: C:\Users\user\Downloads\Zoom_cm_fotiZ9vvrZo4_mJGohcJr5Wi4nh-+oH9qDAdNxPgV4bAl8sJE@Ya299Uo3BvkVZYb-_ke7c3d59090895be7_.exeSection loaded: apphelp.dll
Source: C:\Users\user\AppData\Roaming\Zoom\ZoomDownload\Installer.exeSection loaded: windows.storage.dll
Source: C:\Users\user\AppData\Roaming\Zoom\ZoomDownload\Installer.exeSection loaded: wldp.dll
Source: C:\Users\user\AppData\Roaming\Zoom\ZoomDownload\Installer.exeSection loaded: uxtheme.dll
Source: C:\Users\user\AppData\Roaming\Zoom\ZoomDownload\Installer.exeSection loaded: kernel.appcore.dll
Source: C:\Users\user\AppData\Roaming\Zoom\ZoomDownload\Installer.exeSection loaded: textinputframework.dll
Source: C:\Users\user\AppData\Roaming\Zoom\ZoomDownload\Installer.exeSection loaded: coreuicomponents.dll
Source: C:\Users\user\AppData\Roaming\Zoom\ZoomDownload\Installer.exeSection loaded: coremessaging.dll
Source: C:\Users\user\AppData\Roaming\Zoom\ZoomDownload\Installer.exeSection loaded: ntmarta.dll
Source: C:\Users\user\AppData\Roaming\Zoom\ZoomDownload\Installer.exeSection loaded: wintypes.dll
Source: C:\Users\user\AppData\Roaming\Zoom\ZoomDownload\Installer.exeSection loaded: wintypes.dll
Source: C:\Users\user\AppData\Roaming\Zoom\ZoomDownload\Installer.exeSection loaded: wintypes.dll
Source: C:\Users\user\AppData\Roaming\Zoom\ZoomDownload\Installer.exeSection loaded: msi.dll
Source: C:\Users\user\AppData\Roaming\Zoom\ZoomDownload\Installer.exeSection loaded: profapi.dll
Source: C:\Users\user\AppData\Roaming\Zoom\ZoomDownload\Installer.exeSection loaded: cryptsp.dll
Source: C:\Users\user\AppData\Roaming\Zoom\ZoomDownload\Installer.exeSection loaded: rsaenh.dll
Source: C:\Users\user\AppData\Roaming\Zoom\ZoomDownload\Installer.exeSection loaded: cryptbase.dll
Source: C:\Users\user\AppData\Roaming\Zoom\ZoomDownload\Installer.exeSection loaded: msasn1.dll
Source: C:\Users\user\AppData\Roaming\Zoom\ZoomDownload\Installer.exeSection loaded: gpapi.dll
Source: C:\Users\user\AppData\Roaming\Zoom\ZoomDownload\Installer.exeSection loaded: firewallapi.dll
Source: C:\Users\user\AppData\Roaming\Zoom\ZoomDownload\Installer.exeSection loaded: dnsapi.dll
Source: C:\Users\user\AppData\Roaming\Zoom\ZoomDownload\Installer.exeSection loaded: iphlpapi.dll
Source: C:\Users\user\AppData\Roaming\Zoom\ZoomDownload\Installer.exeSection loaded: fwbase.dll
Source: C:\Users\user\AppData\Roaming\Zoom\ZoomDownload\Installer.exeSection loaded: fwpolicyiomgr.dll
Source: C:\Users\user\AppData\Roaming\Zoom\ZoomDownload\Installer.exeSection loaded: netapi32.dll
Source: C:\Users\user\AppData\Roaming\Zoom\ZoomDownload\Installer.exeSection loaded: netutils.dll
Source: C:\Users\user\AppData\Roaming\Zoom\ZoomDownload\Installer.exeSection loaded: samcli.dll
Source: C:\Users\user\AppData\Roaming\Zoom\ZoomDownload\Installer.exeSection loaded: sspicli.dll
Source: C:\Users\user\AppData\Roaming\Zoom\ZoomDownload\Installer.exeSection loaded: samlib.dll
Source: C:\Users\user\AppData\Roaming\Zoom\ZoomDownload\Installer.exeSection loaded: version.dll
Source: C:\Users\user\AppData\Roaming\Zoom\ZoomDownload\Installer.exeSection loaded: version.dll
Source: C:\Users\user\AppData\Roaming\Zoom\ZoomDownload\Installer.exeSection loaded: propsys.dll
Source: C:\Users\user\AppData\Roaming\Zoom\ZoomDownload\Installer.exeSection loaded: edputil.dll
Source: C:\Users\user\AppData\Roaming\Zoom\ZoomDownload\Installer.exeSection loaded: urlmon.dll
Source: C:\Users\user\AppData\Roaming\Zoom\ZoomDownload\Installer.exeSection loaded: iertutil.dll
Source: C:\Users\user\AppData\Roaming\Zoom\ZoomDownload\Installer.exeSection loaded: srvcli.dll
Source: C:\Users\user\AppData\Roaming\Zoom\ZoomDownload\Installer.exeSection loaded: windows.staterepositoryps.dll
Source: C:\Users\user\AppData\Roaming\Zoom\ZoomDownload\Installer.exeSection loaded: appresolver.dll
Source: C:\Users\user\AppData\Roaming\Zoom\ZoomDownload\Installer.exeSection loaded: bcp47langs.dll
Source: C:\Users\user\AppData\Roaming\Zoom\ZoomDownload\Installer.exeSection loaded: slc.dll
Source: C:\Users\user\AppData\Roaming\Zoom\ZoomDownload\Installer.exeSection loaded: userenv.dll
Source: C:\Users\user\AppData\Roaming\Zoom\ZoomDownload\Installer.exeSection loaded: sppc.dll
Source: C:\Users\user\AppData\Roaming\Zoom\ZoomDownload\Installer.exeSection loaded: onecorecommonproxystub.dll
Source: C:\Users\user\AppData\Roaming\Zoom\ZoomDownload\Installer.exeSection loaded: onecoreuapcommonproxystub.dll
Source: C:\Users\user\AppData\Roaming\Zoom\ZoomDownload\Installer.exeSection loaded: mpr.dll
Source: C:\Users\user\AppData\Roaming\Zoom\ZoomDownload\Installer.exeSection loaded: pcacli.dll
Source: C:\Users\user\AppData\Roaming\Zoom\ZoomDownload\Installer.exeSection loaded: sfc_os.dll
Source: C:\Users\user\AppData\Roaming\Zoom\ZoomDownload\Installer.exeSection loaded: linkinfo.dll
Source: C:\Users\user\AppData\Roaming\Zoom\ZoomDownload\Installer.exeSection loaded: ntshrui.dll
Source: C:\Users\user\AppData\Roaming\Zoom\ZoomDownload\Installer.exeSection loaded: cscapi.dll
Source: C:\Users\user\AppData\Roaming\Zoom\ZoomDownload\Installer.exeSection loaded: taskschd.dll
Source: C:\Users\user\AppData\Roaming\Zoom\ZoomDownload\Installer.exeSection loaded: xmllite.dll
Source: C:\Users\user\AppData\Roaming\Zoom\ZoomDownload\Installer.exeSection loaded: version.dll
Source: C:\Users\user\AppData\Roaming\Zoom\ZoomDownload\Installer.exeSection loaded: winmm.dll
Source: C:\Users\user\AppData\Roaming\Zoom\ZoomDownload\Installer.exeSection loaded: msvcp140.dll
Source: C:\Users\user\AppData\Roaming\Zoom\ZoomDownload\Installer.exeSection loaded: vcruntime140_1.dll
Source: C:\Users\user\AppData\Roaming\Zoom\ZoomDownload\Installer.exeSection loaded: vcruntime140.dll
Source: C:\Users\user\AppData\Roaming\Zoom\ZoomDownload\Installer.exeSection loaded: zcrashreport64.dll
Source: C:\Users\user\AppData\Roaming\Zoom\ZoomDownload\Installer.exeSection loaded: vcruntime140.dll
Source: C:\Users\user\AppData\Roaming\Zoom\ZoomDownload\Installer.exeSection loaded: version.dll
Source: C:\Users\user\AppData\Roaming\Zoom\ZoomDownload\Installer.exeSection loaded: windows.storage.dll
Source: C:\Users\user\AppData\Roaming\Zoom\ZoomDownload\Installer.exeSection loaded: wldp.dll
Source: C:\Users\user\AppData\Roaming\Zoom\ZoomDownload\Installer.exeSection loaded: uxtheme.dll
Source: C:\Users\user\AppData\Roaming\Zoom\ZoomDownload\Installer.exeSection loaded: kernel.appcore.dll
Source: C:\Users\user\AppData\Roaming\Zoom\ZoomDownload\Installer.exeSection loaded: firewallapi.dll
Source: C:\Users\user\AppData\Roaming\Zoom\ZoomDownload\Installer.exeSection loaded: dnsapi.dll
Source: C:\Users\user\AppData\Roaming\Zoom\ZoomDownload\Installer.exeSection loaded: iphlpapi.dll
Source: C:\Users\user\AppData\Roaming\Zoom\ZoomDownload\Installer.exeSection loaded: fwbase.dll
Source: C:\Users\user\AppData\Roaming\Zoom\ZoomDownload\Installer.exeSection loaded: fwpolicyiomgr.dll
Source: C:\Users\user\AppData\Roaming\Zoom\bin\Zoom.exeSection loaded: cmmlib.dll
Source: C:\Users\user\AppData\Roaming\Zoom\bin\Zoom.exeSection loaded: duilib.dll
Source: C:\Users\user\AppData\Roaming\Zoom\bin\Zoom.exeSection loaded: uibase.dll
Source: C:\Users\user\AppData\Roaming\Zoom\bin\Zoom.exeSection loaded: msaalib.dll
Source: C:\Users\user\AppData\Roaming\Zoom\bin\Zoom.exeSection loaded: cmmbiz.dll
Source: C:\Users\user\AppData\Roaming\Zoom\bin\Zoom.exeSection loaded: zoomtask.dll
Source: C:\Users\user\AppData\Roaming\Zoom\bin\Zoom.exeSection loaded: dwmapi.dll
Source: C:\Users\user\AppData\Roaming\Zoom\bin\Zoom.exeSection loaded: d3dcompiler_47.dll
Source: C:\Users\user\AppData\Roaming\Zoom\bin\Zoom.exeSection loaded: uiautomationcore.dll
Source: C:\Users\user\AppData\Roaming\Zoom\bin\Zoom.exeSection loaded: msvcp140.dll
Source: C:\Users\user\AppData\Roaming\Zoom\bin\Zoom.exeSection loaded: d2d1.dll
Source: C:\Users\user\AppData\Roaming\Zoom\bin\Zoom.exeSection loaded: dwrite.dll
Source: C:\Users\user\AppData\Roaming\Zoom\bin\Zoom.exeSection loaded: uxtheme.dll
Source: C:\Users\user\AppData\Roaming\Zoom\bin\Zoom.exeSection loaded: msimg32.dll
Source: C:\Users\user\AppData\Roaming\Zoom\bin\Zoom.exeSection loaded: oleacc.dll
Source: C:\Users\user\AppData\Roaming\Zoom\bin\Zoom.exeSection loaded: vcruntime140.dll
Source: C:\Users\user\AppData\Roaming\Zoom\bin\Zoom.exeSection loaded: vcruntime140_1.dll
Source: C:\Users\user\AppData\Roaming\Zoom\bin\Zoom.exeSection loaded: msvcp140.dll
Source: C:\Users\user\AppData\Roaming\Zoom\bin\Zoom.exeSection loaded: tp.dll
Source: C:\Users\user\AppData\Roaming\Zoom\bin\Zoom.exeSection loaded: vcruntime140_1.dll
Source: C:\Users\user\AppData\Roaming\Zoom\bin\Zoom.exeSection loaded: vcruntime140.dll
Source: C:\Users\user\AppData\Roaming\Zoom\bin\Zoom.exeSection loaded: zcrashreport64.dll
Source: C:\Users\user\AppData\Roaming\Zoom\bin\Zoom.exeSection loaded: util.dll
Source: C:\Users\user\AppData\Roaming\Zoom\bin\Zoom.exeSection loaded: reslib.dll
Source: C:\Users\user\AppData\Roaming\Zoom\bin\Zoom.exeSection loaded: cmmlib.dll
Source: C:\Users\user\AppData\Roaming\Zoom\bin\Zoom.exeSection loaded: msaalib.dll
Source: C:\Users\user\AppData\Roaming\Zoom\bin\Zoom.exeSection loaded: oleacc.dll
Source: C:\Users\user\AppData\Roaming\Zoom\bin\Zoom.exeSection loaded: util.dll
Source: C:\Users\user\AppData\Roaming\Zoom\bin\Zoom.exeSection loaded: cmmbiz.dll
Source: C:\Users\user\AppData\Roaming\Zoom\bin\Zoom.exeSection loaded: znetutils.dll
Source: C:\Users\user\AppData\Roaming\Zoom\bin\Zoom.exeSection loaded: msimg32.dll
Source: C:\Users\user\AppData\Roaming\Zoom\bin\Zoom.exeSection loaded: msvcp140.dll
Source: C:\Users\user\AppData\Roaming\Zoom\bin\Zoom.exeSection loaded: vcruntime140_1.dll
Source: C:\Users\user\AppData\Roaming\Zoom\bin\Zoom.exeSection loaded: vcruntime140.dll
Source: C:\Users\user\AppData\Roaming\Zoom\bin\Zoom.exeSection loaded: util.dll
Source: C:\Users\user\AppData\Roaming\Zoom\bin\Zoom.exeSection loaded: cmmlib.dll
Source: C:\Users\user\AppData\Roaming\Zoom\bin\Zoom.exeSection loaded: msvcp140.dll
Source: C:\Users\user\AppData\Roaming\Zoom\bin\Zoom.exeSection loaded: secur32.dll
Source: C:\Users\user\AppData\Roaming\Zoom\bin\Zoom.exeSection loaded: netapi32.dll
Source: C:\Users\user\AppData\Roaming\Zoom\bin\Zoom.exeSection loaded: dxgi.dll
Source: C:\Users\user\AppData\Roaming\Zoom\bin\Zoom.exeSection loaded: userenv.dll
Source: C:\Users\user\AppData\Roaming\Zoom\bin\Zoom.exeSection loaded: vcruntime140_1.dll
Source: C:\Users\user\AppData\Roaming\Zoom\bin\Zoom.exeSection loaded: vcruntime140.dll
Source: C:\Users\user\AppData\Roaming\Zoom\bin\Zoom.exeSection loaded: msvcp140.dll
Source: C:\Users\user\AppData\Roaming\Zoom\bin\Zoom.exeSection loaded: powrprof.dll
Source: C:\Users\user\AppData\Roaming\Zoom\bin\Zoom.exeSection loaded: vcruntime140_1.dll
Source: C:\Users\user\AppData\Roaming\Zoom\bin\Zoom.exeSection loaded: vcruntime140.dll
Source: C:\Users\user\AppData\Roaming\Zoom\bin\Zoom.exeSection loaded: msvcp140.dll
Source: C:\Users\user\AppData\Roaming\Zoom\bin\Zoom.exeSection loaded: oleacc.dll
Source: C:\Users\user\AppData\Roaming\Zoom\bin\Zoom.exeSection loaded: vcruntime140_1.dll
Source: C:\Users\user\AppData\Roaming\Zoom\bin\Zoom.exeSection loaded: vcruntime140.dll
Source: C:\Users\user\AppData\Roaming\Zoom\bin\Zoom.exeSection loaded: cryptsp.dll
Source: C:\Users\user\AppData\Roaming\Zoom\bin\Zoom.exeSection loaded: propsys.dll
Source: C:\Users\user\AppData\Roaming\Zoom\bin\Zoom.exeSection loaded: vcruntime140.dll
Source: C:\Users\user\AppData\Roaming\Zoom\bin\Zoom.exeSection loaded: vcruntime140_1.dll
Source: C:\Users\user\AppData\Roaming\Zoom\bin\Zoom.exeSection loaded: vcruntime140.dll
Source: C:\Users\user\AppData\Roaming\Zoom\bin\Zoom.exeSection loaded: zcontext.dll
Source: C:\Users\user\AppData\Roaming\Zoom\bin\Zoom.exeSection loaded: libssl-3-zm.dll
Source: C:\Users\user\AppData\Roaming\Zoom\bin\Zoom.exeSection loaded: libcrypto-3-zm.dll
Source: C:\Users\user\AppData\Roaming\Zoom\bin\Zoom.exeSection loaded: util.dll
Source: C:\Users\user\AppData\Roaming\Zoom\bin\Zoom.exeSection loaded: iphlpapi.dll
Source: C:\Users\user\AppData\Roaming\Zoom\bin\Zoom.exeSection loaded: traffic.dll
Source: C:\Users\user\AppData\Roaming\Zoom\bin\Zoom.exeSection loaded: version.dll
Source: C:\Users\user\AppData\Roaming\Zoom\bin\Zoom.exeSection loaded: cmmlib.dll
Source: C:\Users\user\AppData\Roaming\Zoom\bin\Zoom.exeSection loaded: libcrypto-3-zm.dll
Source: C:\Users\user\AppData\Roaming\Zoom\bin\Zoom.exeSection loaded: winmm.dll
Source: C:\Users\user\AppData\Roaming\Zoom\bin\Zoom.exeSection loaded: netapi32.dll
Source: C:\Users\user\AppData\Roaming\Zoom\bin\Zoom.exeSection loaded: libcrypto-3-zm.dll
Source: C:\Users\user\AppData\Roaming\Zoom\bin\Zoom.exeSection loaded: iphlpapi.dll
Source: C:\Users\user\AppData\Roaming\Zoom\bin\Zoom.exeSection loaded: libssl-3-zm.dll
Source: C:\Users\user\AppData\Roaming\Zoom\bin\Zoom.exeSection loaded: libcrypto-3-zm.dll
Source: C:\Users\user\AppData\Roaming\Zoom\bin\Zoom.exeSection loaded: sspicli.dll
Source: C:\Users\user\AppData\Roaming\Zoom\bin\Zoom.exeSection loaded: netutils.dll
Source: C:\Users\user\AppData\Roaming\Zoom\bin\Zoom.exeSection loaded: wkscli.dll
Source: C:\Users\user\AppData\Roaming\Zoom\bin\Zoom.exeSection loaded: wmiclnt.dll
Source: C:\Users\user\AppData\Roaming\Zoom\bin\Zoom.exeSection loaded: umpdc.dll
Source: C:\Users\user\AppData\Roaming\Zoom\bin\Zoom.exeSection loaded: msasn1.dll
Source: C:\Users\user\AppData\Roaming\Zoom\bin\Zoom.exeSection loaded: atlthunk.dll
Source: C:\Users\user\AppData\Roaming\Zoom\bin\Zoom.exeSection loaded: cryptbase.dll
Source: C:\Users\user\AppData\Roaming\Zoom\bin\Zoom.exeSection loaded: kernel.appcore.dll
Source: C:\Users\user\AppData\Roaming\Zoom\bin\Zoom.exeSection loaded: windows.storage.dll
Source: C:\Users\user\AppData\Roaming\Zoom\bin\Zoom.exeSection loaded: wldp.dll
Source: C:\Users\user\AppData\Roaming\Zoom\bin\Zoom.exeSection loaded: cryptnet.dll
Source: C:\Users\user\AppData\Roaming\Zoom\bin\Zoom.exeSection loaded: basecsp.dll
Source: C:\Users\user\AppData\Roaming\Zoom\bin\Zoom.exeSection loaded: rsaenh.dll
Source: C:\Users\user\AppData\Roaming\Zoom\bin\Zoom.exeSection loaded: gpapi.dll
Source: C:\Users\user\AppData\Roaming\Zoom\bin\Zoom.exeSection loaded: textinputframework.dll
Source: C:\Users\user\AppData\Roaming\Zoom\bin\Zoom.exeSection loaded: coreuicomponents.dll
Source: C:\Users\user\AppData\Roaming\Zoom\bin\Zoom.exeSection loaded: coremessaging.dll
Source: C:\Users\user\AppData\Roaming\Zoom\bin\Zoom.exeSection loaded: ntmarta.dll
Source: C:\Users\user\AppData\Roaming\Zoom\bin\Zoom.exeSection loaded: wintypes.dll
Source: C:\Users\user\AppData\Roaming\Zoom\bin\Zoom.exeSection loaded: wintypes.dll
Source: C:\Users\user\AppData\Roaming\Zoom\bin\Zoom.exeSection loaded: wintypes.dll
Source: C:\Users\user\AppData\Roaming\Zoom\bin\Zoom.exeSection loaded: wbemcomn.dll
Source: C:\Users\user\AppData\Roaming\Zoom\bin\Zoom.exeSection loaded: amsi.dll
Source: C:\Users\user\AppData\Roaming\Zoom\bin\Zoom.exeSection loaded: profapi.dll
Source: C:\Users\user\AppData\Roaming\Zoom\bin\Zoom.exeSection loaded: dbghelp.dll
Source: C:\Users\user\AppData\Roaming\Zoom\bin\Zoom.exeSection loaded: dhcpcsvc6.dll
Source: C:\Users\user\AppData\Roaming\Zoom\bin\Zoom.exeSection loaded: dhcpcsvc.dll
Source: C:\Users\user\AppData\Roaming\Zoom\bin\Zoom.exeSection loaded: dnsapi.dll
Source: C:\Users\user\AppData\Roaming\Zoom\bin\Zoom.exeSection loaded: xmppdll.dll
Source: C:\Users\user\AppData\Roaming\Zoom\bin\Zoom.exeSection loaded: zmsgappcommon.dll
Source: C:\Users\user\AppData\Roaming\Zoom\bin\Zoom.exeSection loaded: zeventtracker.dll
Source: C:\Users\user\AppData\Roaming\Zoom\bin\Zoom.exeSection loaded: zmdb.dll
Source: C:\Users\user\AppData\Roaming\Zoom\bin\Zoom.exeSection loaded: zlooper.dll
Source: C:\Users\user\AppData\Roaming\Zoom\bin\Zoom.exeSection loaded: samcli.dll
Source: C:\Users\user\AppData\Roaming\Zoom\bin\Zoom.exeSection loaded: zcommonchat.dll
Source: C:\Users\user\AppData\Roaming\Zoom\bin\Zoom.exeSection loaded: wininet.dll
Source: C:\Users\user\AppData\Roaming\Zoom\bin\Zoom.exeSection loaded: mpr.dll
Source: C:\Users\user\AppData\Roaming\Zoom\bin\Zoom.exeSection loaded: dbghelp.dll
Source: C:\Users\user\AppData\Roaming\Zoom\bin\Zoom.exeSection loaded: nydus.dll
Source: C:\Users\user\AppData\Roaming\Zoom\bin\Zoom.exeSection loaded: viper.dll
Source: C:\Users\user\AppData\Roaming\Zoom\bin\Zoom.exeSection loaded: zoombase_crypto_shared.dll
Source: C:\Users\user\AppData\Roaming\Zoom\bin\Zoom.exeSection loaded: wtsapi32.dll
Source: C:\Users\user\AppData\Roaming\Zoom\bin\Zoom.exeSection loaded: d3d9.dll
Source: C:\Users\user\AppData\Roaming\Zoom\bin\Zoom.exeSection loaded: d3d10warp.dll
Source: C:\Users\user\AppData\Roaming\Zoom\bin\Zoom.exeSection loaded: dxcore.dll
Source: C:\Users\user\AppData\Roaming\Zoom\bin\Zoom.exeSection loaded: cscapi.dll
Source: C:\Users\user\AppData\Roaming\Zoom\bin\Zoom.exeSection loaded: resourcepolicyclient.dll
Source: C:\Users\user\AppData\Roaming\Zoom\bin\Zoom.exeSection loaded: zlt.dll
Source: C:\Users\user\AppData\Roaming\Zoom\bin\Zoom.exeSection loaded: d3d11.dll
Source: C:\Users\user\AppData\Roaming\Zoom\bin\Zoom.exeSection loaded: d3d10warp.dll
Source: C:\Users\user\AppData\Roaming\Zoom\bin\Zoom.exeSection loaded: d3d10warp.dll
Source: C:\Users\user\AppData\Roaming\Zoom\bin\Zoom.exeSection loaded: cares.dll
Source: C:\Users\user\AppData\Roaming\Zoom\bin\Zoom.exeSection loaded: winhttp.dll
Source: C:\Users\user\AppData\Roaming\Zoom\bin\Zoom.exeSection loaded: dpapi.dll
Source: C:\Users\user\AppData\Roaming\Zoom\bin\Zoom.exeSection loaded: winsta.dll
Source: C:\Users\user\AppData\Roaming\Zoom\bin\Zoom.exeSection loaded: hid.dll
Source: C:\Users\user\AppData\Roaming\Zoom\bin\Zoom.exeSection loaded: zzhostipcsdk.dll
Source: C:\Users\user\AppData\Roaming\Zoom\bin\Zoom.exeSection loaded: devobj.dll
Source: C:\Users\user\AppData\Roaming\Zoom\bin\Zoom.exeSection loaded: windowscodecs.dll
Source: C:\Users\user\AppData\Roaming\Zoom\bin\Zoom.exeSection loaded: msftedit.dll
Source: C:\Users\user\AppData\Roaming\Zoom\bin\Zoom.exeSection loaded: textshaping.dll
Source: C:\Users\user\AppData\Roaming\Zoom\bin\Zoom.exeSection loaded: windows.globalization.dll
Source: C:\Users\user\AppData\Roaming\Zoom\bin\Zoom.exeSection loaded: bcp47langs.dll
Source: C:\Users\user\AppData\Roaming\Zoom\bin\Zoom.exeSection loaded: bcp47mrm.dll
Source: C:\Users\user\AppData\Roaming\Zoom\bin\Zoom.exeSection loaded: globinputhost.dll
Source: C:\Users\user\AppData\Roaming\Zoom\bin\Zoom.exeSection loaded: linkinfo.dll
Source: C:\Users\user\AppData\Roaming\Zoom\bin\Zoom.exeSection loaded: ntshrui.dll
Source: C:\Users\user\AppData\Roaming\Zoom\bin\Zoom.exeSection loaded: srvcli.dll
Source: C:\Users\user\AppData\Roaming\Zoom\bin\Zoom.exeSection loaded: policymanager.dll
Source: C:\Users\user\AppData\Roaming\Zoom\bin\Zoom.exeSection loaded: msvcp110_win.dll
Source: C:\Users\user\AppData\Roaming\Zoom\bin\Zoom.exeSection loaded: taskflowdataengine.dll
Source: C:\Users\user\AppData\Roaming\Zoom\bin\Zoom.exeSection loaded: cdp.dll
Source: C:\Users\user\AppData\Roaming\Zoom\bin\Zoom.exeSection loaded: dsreg.dll
Source: C:\Users\user\AppData\Roaming\Zoom\bin\Zoom.exeSection loaded: onecorecommonproxystub.dll
Source: C:\Users\user\AppData\Roaming\Zoom\bin\Zoom.exeSection loaded: cmmbrowserengine.dll
Source: C:\Users\user\AppData\Roaming\Zoom\bin\Zoom.exeSection loaded: firewallapi.dll
Source: C:\Users\user\AppData\Roaming\Zoom\bin\Zoom.exeSection loaded: fwbase.dll
Source: C:\Users\user\AppData\Roaming\Zoom\bin\Zoom.exeSection loaded: fwpolicyiomgr.dll
Source: C:\Users\user\AppData\Roaming\Zoom\bin\Zoom.exeSection loaded: mswsock.dll
Source: C:\Users\user\AppData\Roaming\Zoom\bin\Zoom.exeSection loaded: rasadhlp.dll
Source: C:\Users\user\AppData\Roaming\Zoom\bin\Zoom.exeSection loaded: fwpuclnt.dll
Source: C:\Users\user\AppData\Roaming\Zoom\bin\Zoom.exeSection loaded: wlanapi.dll
Source: C:\Users\user\AppData\Roaming\Zoom\bin\Zoom.exeSection loaded: wcmapi.dll
Source: C:\Users\user\AppData\Roaming\Zoom\bin\Zoom.exeSection loaded: rmclient.dll
Source: C:\Users\user\AppData\Roaming\Zoom\bin\Zoom.exeSection loaded: mobilenetworking.dll
Source: C:\Users\user\AppData\Roaming\Zoom\bin\Zoom.exeSection loaded: winnsi.dll
Source: C:\Users\user\AppData\Roaming\Zoom\bin\Zoom.exeSection loaded: mmdevapi.dll
Source: C:\Users\user\AppData\Roaming\Zoom\bin\Zoom.exeSection loaded: avrt.dll
Source: C:\Users\user\AppData\Roaming\Zoom\bin\Zoom.exeSection loaded: audioses.dll
Source: C:\Users\user\AppData\Roaming\Zoom\bin\Zoom.exeSection loaded: windows.ui.dll
Source: C:\Users\user\AppData\Roaming\Zoom\bin\Zoom.exeSection loaded: windowmanagementapi.dll
Source: C:\Users\user\AppData\Roaming\Zoom\bin\Zoom.exeSection loaded: inputhost.dll
Source: C:\Users\user\AppData\Roaming\Zoom\bin\Zoom.exeSection loaded: twinapi.appcore.dll
Source: C:\Users\user\AppData\Roaming\Zoom\bin\Zoom.exeSection loaded: twinapi.appcore.dll
Source: C:\Users\user\AppData\Roaming\Zoom\bin\Zoom.exeSection loaded: iertutil.dll
Source: C:\Users\user\AppData\Roaming\Zoom\bin\Zoom.exeSection loaded: ondemandconnroutehelper.dll
Source: C:\Users\user\AppData\Roaming\Zoom\bin\Zoom.exeSection loaded: napinsp.dll
Source: C:\Users\user\AppData\Roaming\Zoom\bin\Zoom.exeSection loaded: pnrpnsp.dll
Source: C:\Users\user\AppData\Roaming\Zoom\bin\Zoom.exeSection loaded: wshbth.dll
Source: C:\Users\user\AppData\Roaming\Zoom\bin\Zoom.exeSection loaded: nlaapi.dll
Source: C:\Users\user\AppData\Roaming\Zoom\bin\Zoom.exeSection loaded: winrnr.dll
Source: C:\Users\user\AppData\Roaming\Zoom\bin\Zoom.exeSection loaded: cabinet.dll
Source: C:\Users\user\AppData\Roaming\Zoom\bin\Zoom.exeSection loaded: cabinet.dll
Source: C:\Users\user\AppData\Roaming\Zoom\bin\Zoom.exeSection loaded: cmmlib.dll
Source: C:\Users\user\AppData\Roaming\Zoom\bin\Zoom.exeSection loaded: duilib.dll
Source: C:\Users\user\AppData\Roaming\Zoom\bin\Zoom.exeSection loaded: uibase.dll
Source: C:\Users\user\AppData\Roaming\Zoom\bin\Zoom.exeSection loaded: msaalib.dll
Source: C:\Users\user\AppData\Roaming\Zoom\bin\Zoom.exeSection loaded: cmmbiz.dll
Source: C:\Users\user\AppData\Roaming\Zoom\bin\Zoom.exeSection loaded: zoomtask.dll
Source: C:\Users\user\AppData\Roaming\Zoom\bin\Zoom.exeSection loaded: duilib.dll
Source: C:\Users\user\AppData\Roaming\Zoom\bin\Zoom.exeSection loaded: reslib.dll
Source: C:\Users\user\AppData\Roaming\Zoom\bin\Zoom.exeSection loaded: msaalib.dll
Source: C:\Users\user\AppData\Roaming\Zoom\bin\Zoom.exeSection loaded: oleacc.dll
Source: C:\Users\user\AppData\Roaming\Zoom\bin\Zoom.exeSection loaded: util.dll
Source: C:\Users\user\AppData\Roaming\Zoom\bin\Zoom.exeSection loaded: cmmbiz.dll
Source: C:\Users\user\AppData\Roaming\Zoom\bin\Zoom.exeSection loaded: znetutils.dll
Source: C:\Users\user\AppData\Roaming\Zoom\bin\Zoom.exeSection loaded: msvcp140.dll
Source: C:\Users\user\AppData\Roaming\Zoom\bin\Zoom.exeSection loaded: tp.dll
Source: C:\Users\user\AppData\Roaming\Zoom\bin\Zoom.exeSection loaded: libcrypto-3-zm.dll
Source: C:\Users\user\AppData\Roaming\Zoom\bin\Zoom.exeSection loaded: util.dll
Source: C:\Users\user\AppData\Roaming\Zoom\bin\Zoom.exeSection loaded: zoomtask.dll
Source: C:\Users\user\AppData\Roaming\Zoom\bin\Zoom.exeSection loaded: msvcp140.dll
Source: C:\Users\user\AppData\Roaming\Zoom\bin\Zoom.exeSection loaded: winmm.dll
Source: C:\Users\user\AppData\Roaming\Zoom\bin\Zoom.exeSection loaded: netapi32.dll
Source: C:\Users\user\AppData\Roaming\Zoom\bin\Zoom.exeSection loaded: msimg32.dll
Source: C:\Users\user\AppData\Roaming\Zoom\bin\Zoom.exeSection loaded: msvcp140.dll
Source: C:\Users\user\AppData\Roaming\Zoom\bin\Zoom.exeSection loaded: vcruntime140_1.dll
Source: C:\Users\user\AppData\Roaming\Zoom\bin\Zoom.exeSection loaded: vcruntime140.dll
Source: C:\Users\user\AppData\Roaming\Zoom\bin\Zoom.exeSection loaded: zcrashreport64.dll
Source: C:\Users\user\AppData\Roaming\Zoom\bin\Zoom.exeSection loaded: util.dll
Source: C:\Users\user\AppData\Roaming\Zoom\bin\Zoom.exeSection loaded: vcruntime140_1.dll
Source: C:\Users\user\AppData\Roaming\Zoom\bin\Zoom.exeSection loaded: vcruntime140.dll
Source: C:\Users\user\AppData\Roaming\Zoom\bin\Zoom.exeSection loaded: vcruntime140_1.dll
Source: C:\Users\user\AppData\Roaming\Zoom\bin\Zoom.exeSection loaded: vcruntime140.dll
Source: C:\Users\user\AppData\Roaming\Zoom\bin\Zoom.exeSection loaded: msvcp140.dll
Source: C:\Users\user\AppData\Roaming\Zoom\bin\Zoom.exeSection loaded: oleacc.dll
Source: C:\Users\user\AppData\Roaming\Zoom\bin\Zoom.exeSection loaded: vcruntime140_1.dll
Source: C:\Users\user\AppData\Roaming\Zoom\bin\Zoom.exeSection loaded: vcruntime140.dll
Source: C:\Users\user\AppData\Roaming\Zoom\bin\Zoom.exeSection loaded: dwmapi.dll
Source: C:\Users\user\AppData\Roaming\Zoom\bin\Zoom.exeSection loaded: d3dcompiler_47.dll
Source: C:\Users\user\AppData\Roaming\Zoom\bin\Zoom.exeSection loaded: uiautomationcore.dll
Source: C:\Users\user\AppData\Roaming\Zoom\bin\Zoom.exeSection loaded: msvcp140.dll
Source: C:\Users\user\AppData\Roaming\Zoom\bin\Zoom.exeSection loaded: d2d1.dll
Source: C:\Users\user\AppData\Roaming\Zoom\bin\Zoom.exeSection loaded: dwrite.dll
Source: C:\Users\user\AppData\Roaming\Zoom\bin\Zoom.exeSection loaded: uxtheme.dll
Source: C:\Users\user\AppData\Roaming\Zoom\bin\Zoom.exeSection loaded: msimg32.dll
Source: C:\Users\user\AppData\Roaming\Zoom\bin\Zoom.exeSection loaded: msvcp140.dll
Source: C:\Users\user\AppData\Roaming\Zoom\bin\Zoom.exeSection loaded: powrprof.dll
Source: C:\Users\user\AppData\Roaming\Zoom\bin\Zoom.exeSection loaded: vcruntime140_1.dll
Source: C:\Users\user\AppData\Roaming\Zoom\bin\Zoom.exeSection loaded: util.dll
Source: C:\Users\user\AppData\Roaming\Zoom\bin\Zoom.exeSection loaded: vcruntime140.dll
Source: C:\Users\user\AppData\Roaming\Zoom\bin\Zoom.exeSection loaded: msvcp140.dll
Source: C:\Users\user\AppData\Roaming\Zoom\bin\Zoom.exeSection loaded: secur32.dll
Source: C:\Users\user\AppData\Roaming\Zoom\bin\Zoom.exeSection loaded: netapi32.dll
Source: C:\Users\user\AppData\Roaming\Zoom\bin\Zoom.exeSection loaded: dxgi.dll
Source: C:\Users\user\AppData\Roaming\Zoom\bin\Zoom.exeSection loaded: userenv.dll
Source: C:\Users\user\AppData\Roaming\Zoom\bin\Zoom.exeSection loaded: vcruntime140_1.dll
Source: C:\Users\user\AppData\Roaming\Zoom\bin\Zoom.exeSection loaded: vcruntime140.dll
Source: C:\Users\user\AppData\Roaming\Zoom\bin\Zoom.exeSection loaded: oleacc.dll
Source: C:\Users\user\AppData\Roaming\Zoom\bin\Zoom.exeSection loaded: vcruntime140.dll
Source: C:\Users\user\AppData\Roaming\Zoom\bin\Zoom.exeSection loaded: vcruntime140_1.dll
Source: C:\Users\user\AppData\Roaming\Zoom\bin\Zoom.exeSection loaded: msvcp140.dll
Source: C:\Users\user\AppData\Roaming\Zoom\bin\Zoom.exeSection loaded: vcruntime140_1.dll
Source: C:\Users\user\AppData\Roaming\Zoom\bin\Zoom.exeSection loaded: vcruntime140.dll
Source: C:\Users\user\AppData\Roaming\Zoom\bin\Zoom.exeSection loaded: msvcp140.dll
Source: C:\Users\user\AppData\Roaming\Zoom\bin\Zoom.exeSection loaded: version.dll
Source: C:\Users\user\AppData\Roaming\Zoom\bin\Zoom.exeSection loaded: vcruntime140_1.dll
Source: C:\Users\user\AppData\Roaming\Zoom\bin\Zoom.exeSection loaded: vcruntime140.dll
Source: C:\Users\user\AppData\Roaming\Zoom\bin\Zoom.exeSection loaded: libcrypto-3-zm.dll
Source: C:\Users\user\AppData\Roaming\Zoom\bin\Zoom.exeSection loaded: iphlpapi.dll
Source: C:\Users\user\AppData\Roaming\Zoom\bin\Zoom.exeSection loaded: vcruntime140_1.dll
Source: C:\Users\user\AppData\Roaming\Zoom\bin\Zoom.exeSection loaded: vcruntime140.dll
Source: C:\Users\user\AppData\Roaming\Zoom\bin\Zoom.exeSection loaded: libssl-3-zm.dll
Source: C:\Users\user\AppData\Roaming\Zoom\bin\Zoom.exeSection loaded: vcruntime140.dll
Source: C:\Users\user\AppData\Roaming\Zoom\bin\Zoom.exeSection loaded: vcruntime140_1.dll
Source: C:\Users\user\AppData\Roaming\Zoom\bin\Zoom.exeSection loaded: zcontext.dll
Source: C:\Users\user\AppData\Roaming\Zoom\bin\Zoom.exeSection loaded: libssl-3-zm.dll
Source: C:\Users\user\AppData\Roaming\Zoom\bin\Zoom.exeSection loaded: iphlpapi.dll
Source: C:\Users\user\AppData\Roaming\Zoom\bin\Zoom.exeSection loaded: traffic.dll
Source: C:\Users\user\AppData\Roaming\Zoom\bin\Zoom.exeSection loaded: vcruntime140_1.dll
Source: C:\Users\user\AppData\Roaming\Zoom\bin\Zoom.exeSection loaded: vcruntime140.dll
Source: C:\Users\user\AppData\Roaming\Zoom\bin\Zoom.exeSection loaded: vcruntime140.dll
Source: C:\Users\user\AppData\Roaming\Zoom\bin\Zoom.exeSection loaded: cryptsp.dll
Source: C:\Users\user\AppData\Roaming\Zoom\bin\Zoom.exeSection loaded: propsys.dll
Source: C:\Users\user\AppData\Roaming\Zoom\bin\Zoom.exeSection loaded: wmiclnt.dll
Source: C:\Users\user\AppData\Roaming\Zoom\bin\Zoom.exeSection loaded: sspicli.dll
Source: C:\Users\user\AppData\Roaming\Zoom\bin\Zoom.exeSection loaded: netutils.dll
Source: C:\Users\user\AppData\Roaming\Zoom\bin\Zoom.exeSection loaded: wkscli.dll
Source: C:\Users\user\AppData\Roaming\Zoom\bin\Zoom.exeSection loaded: umpdc.dll
Source: C:\Users\user\AppData\Roaming\Zoom\bin\Zoom.exeSection loaded: msasn1.dll
Source: C:\Users\user\AppData\Roaming\Zoom\bin\Zoom.exeSection loaded: atlthunk.dll
Source: C:\Users\user\AppData\Roaming\Zoom\bin\Zoom.exeSection loaded: cryptbase.dll
Source: C:\Users\user\AppData\Roaming\Zoom\bin\Zoom.exeSection loaded: kernel.appcore.dll
Source: C:\Users\user\AppData\Roaming\Zoom\bin\Zoom.exeSection loaded: windows.storage.dll
Source: C:\Users\user\AppData\Roaming\Zoom\bin\Zoom.exeSection loaded: wldp.dll
Source: C:\Users\user\AppData\Roaming\Zoom\bin\Zoom.exeSection loaded: cryptnet.dll
Source: C:\Users\user\AppData\Roaming\Zoom\bin\Zoom.exeSection loaded: basecsp.dll
Source: C:\Users\user\AppData\Roaming\Zoom\bin\Zoom.exeSection loaded: rsaenh.dll
Source: C:\Users\user\AppData\Roaming\Zoom\bin\Zoom.exeSection loaded: gpapi.dll
Source: C:\Users\user\AppData\Roaming\Zoom\bin\Zoom.exeSection loaded: profapi.dll
Source: C:\Users\user\AppData\Roaming\Zoom\bin\Zoom.exeSection loaded: mmdevapi.dll
Source: C:\Users\user\AppData\Roaming\Zoom\bin\Zoom.exeSection loaded: devobj.dll
Source: C:\Users\user\AppData\Roaming\Zoom\bin\Zoom.exeSection loaded: dbghelp.dll
Source: C:\Users\user\AppData\Roaming\Zoom\bin\Zoom.exeSection loaded: dhcpcsvc6.dll
Source: C:\Users\user\AppData\Roaming\Zoom\bin\Zoom.exeSection loaded: dhcpcsvc.dll
Source: C:\Users\user\AppData\Roaming\Zoom\bin\Zoom.exeSection loaded: dnsapi.dll
Source: C:\Users\user\AppData\Roaming\Zoom\bin\Zoom.exeSection loaded: wbemcomn.dll
Source: C:\Users\user\AppData\Roaming\Zoom\bin\Zoom.exeSection loaded: amsi.dll
Source: C:\Users\user\AppData\Roaming\Zoom\bin\Zoom.exeSection loaded: zcommonchat.dll
Source: C:\Users\user\AppData\Roaming\Zoom\bin\Zoom.exeSection loaded: zeventtracker.dll
Source: C:\Users\user\AppData\Roaming\Zoom\bin\Zoom.exeSection loaded: zui.dll
Source: C:\Users\user\AppData\Roaming\Zoom\bin\Zoom.exeSection loaded: zuires.dll
Source: C:\Users\user\AppData\Roaming\Zoom\bin\Zoom.exeSection loaded: wtsapi32.dll
Source: C:\Users\user\AppData\Roaming\Zoom\bin\Zoom.exeSection loaded: mpr.dll
Source: C:\Users\user\AppData\Roaming\Zoom\bin\Zoom.exeSection loaded: windowscodecs.dll
Source: C:\Users\user\AppData\Roaming\Zoom\bin\Zoom.exeSection loaded: onecorecommonproxystub.dll
Source: C:\Users\user\AppData\Roaming\Zoom\bin\Zoom.exeSection loaded: onecoreuapcommonproxystub.dll
Source: C:\Users\user\AppData\Roaming\Zoom\bin\Zoom.exeSection loaded: xmppdll.dll
Source: C:\Users\user\AppData\Roaming\Zoom\bin\Zoom.exeSection loaded: dbghelp.dll
Source: C:\Users\user\AppData\Roaming\Zoom\bin\Zoom.exeSection loaded: nydus.dll
Source: C:\Users\user\AppData\Roaming\Zoom\bin\Zoom.exeSection loaded: viper.dll
Source: C:\Users\user\AppData\Roaming\Zoom\bin\Zoom.exeSection loaded: zoombase_crypto_shared.dll
Source: C:\Users\user\AppData\Roaming\Zoom\bin\Zoom.exeSection loaded: d3d9.dll
Source: C:\Users\user\AppData\Roaming\Zoom\bin\Zoom.exeSection loaded: d3d10warp.dll
Source: C:\Users\user\AppData\Roaming\Zoom\bin\Zoom.exeSection loaded: dxcore.dll
Source: C:\Users\user\AppData\Roaming\Zoom\bin\Zoom.exeSection loaded: cscapi.dll
Source: C:\Users\user\AppData\Roaming\Zoom\bin\Zoom.exeSection loaded: resourcepolicyclient.dll
Source: C:\Users\user\AppData\Roaming\Zoom\bin\Zoom.exeSection loaded: zlt.dll
Source: C:\Users\user\AppData\Roaming\Zoom\bin\Zoom.exeSection loaded: d3d11.dll
Source: C:\Users\user\AppData\Roaming\Zoom\bin\Zoom.exeSection loaded: d3d10warp.dll
Source: C:\Users\user\AppData\Roaming\Zoom\bin\Zoom.exeSection loaded: d3d10warp.dll
Source: C:\Users\user\AppData\Roaming\Zoom\bin\Zoom.exeSection loaded: zmsgappcommon.dll
Source: C:\Users\user\AppData\Roaming\Zoom\bin\Zoom.exeSection loaded: zmdb.dll
Source: C:\Users\user\AppData\Roaming\Zoom\bin\Zoom.exeSection loaded: cares.dll
Source: C:\Users\user\AppData\Roaming\Zoom\bin\Zoom.exeSection loaded: winhttp.dll
Source: C:\Users\user\AppData\Roaming\Zoom\bin\Zoom.exeSection loaded: wininet.dll
Source: C:\Users\user\AppData\Roaming\Zoom\bin\Zoom.exeSection loaded: dpapi.dll
Source: C:\Users\user\AppData\Roaming\Zoom\bin\Zoom.exeSection loaded: cmmlib.dll
Source: C:\Users\user\AppData\Roaming\Zoom\bin\Zoom.exeSection loaded: duilib.dll
Source: C:\Users\user\AppData\Roaming\Zoom\bin\Zoom.exeSection loaded: uibase.dll
Source: C:\Users\user\AppData\Roaming\Zoom\bin\Zoom.exeSection loaded: msaalib.dll
Source: C:\Users\user\AppData\Roaming\Zoom\bin\Zoom.exeSection loaded: cmmbiz.dll
Source: C:\Users\user\AppData\Roaming\Zoom\bin\Zoom.exeSection loaded: zoomtask.dll
Source: C:\Users\user\AppData\Roaming\Zoom\bin\Zoom.exeSection loaded: reslib.dll
Source: C:\Users\user\AppData\Roaming\Zoom\bin\Zoom.exeSection loaded: msaalib.dll
Source: C:\Users\user\AppData\Roaming\Zoom\bin\Zoom.exeSection loaded: oleacc.dll
Source: C:\Users\user\AppData\Roaming\Zoom\bin\Zoom.exeSection loaded: util.dll
Source: C:\Users\user\AppData\Roaming\Zoom\bin\Zoom.exeSection loaded: cmmbiz.dll
Source: C:\Users\user\AppData\Roaming\Zoom\bin\Zoom.exeSection loaded: znetutils.dll
Source: C:\Users\user\AppData\Roaming\Zoom\bin\Zoom.exeSection loaded: dwmapi.dll
Source: C:\Users\user\AppData\Roaming\Zoom\bin\Zoom.exeSection loaded: d3dcompiler_47.dll
Source: C:\Users\user\AppData\Roaming\Zoom\bin\Zoom.exeSection loaded: uiautomationcore.dll
Source: C:\Users\user\AppData\Roaming\Zoom\bin\Zoom.exeSection loaded: msvcp140.dll
Source: C:\Users\user\AppData\Roaming\Zoom\bin\Zoom.exeSection loaded: d2d1.dll
Source: C:\Users\user\AppData\Roaming\Zoom\bin\Zoom.exeSection loaded: dwrite.dll
Source: C:\Users\user\AppData\Roaming\Zoom\bin\Zoom.exeSection loaded: uxtheme.dll
Source: C:\Users\user\AppData\Roaming\Zoom\bin\Zoom.exeSection loaded: msimg32.dll
Source: C:\Users\user\AppData\Roaming\Zoom\bin\Zoom.exeSection loaded: oleacc.dll
Source: C:\Users\user\AppData\Roaming\Zoom\bin\Zoom.exeSection loaded: vcruntime140.dll
Source: C:\Users\user\AppData\Roaming\Zoom\bin\Zoom.exeSection loaded: vcruntime140_1.dll
Source: C:\Users\user\AppData\Roaming\Zoom\bin\Zoom.exeSection loaded: msimg32.dll
Source: C:\Users\user\AppData\Roaming\Zoom\bin\Zoom.exeSection loaded: msvcp140.dll
Source: C:\Users\user\AppData\Roaming\Zoom\bin\Zoom.exeSection loaded: vcruntime140_1.dll
Source: C:\Users\user\AppData\Roaming\Zoom\bin\Zoom.exeSection loaded: vcruntime140.dll
Source: C:\Users\user\AppData\Roaming\Zoom\bin\Zoom.exeSection loaded: msvcp140.dll
Source: C:\Users\user\AppData\Roaming\Zoom\bin\Zoom.exeSection loaded: util.dll
Source: C:\Users\user\AppData\Roaming\Zoom\bin\Zoom.exeSection loaded: msvcp140.dll
Source: C:\Users\user\AppData\Roaming\Zoom\bin\Zoom.exeSection loaded: secur32.dll
Source: C:\Users\user\AppData\Roaming\Zoom\bin\Zoom.exeSection loaded: oleacc.dll
Source: C:\Users\user\AppData\Roaming\Zoom\bin\Zoom.exeSection loaded: netapi32.dll
Source: C:\Users\user\AppData\Roaming\Zoom\bin\Zoom.exeSection loaded: vcruntime140_1.dll
Source: C:\Users\user\AppData\Roaming\Zoom\bin\Zoom.exeSection loaded: dxgi.dll
Source: C:\Users\user\AppData\Roaming\Zoom\bin\Zoom.exeSection loaded: vcruntime140.dll
Source: C:\Users\user\AppData\Roaming\Zoom\bin\Zoom.exeSection loaded: userenv.dll
Source: C:\Users\user\AppData\Roaming\Zoom\bin\Zoom.exeSection loaded: vcruntime140_1.dll
Source: C:\Users\user\AppData\Roaming\Zoom\bin\Zoom.exeSection loaded: vcruntime140.dll
Source: C:\Users\user\AppData\Roaming\Zoom\bin\Zoom.exeSection loaded: msvcp140.dll
Source: C:\Users\user\AppData\Roaming\Zoom\bin\Zoom.exeSection loaded: powrprof.dll
Source: C:\Users\user\AppData\Roaming\Zoom\bin\Zoom.exeSection loaded: vcruntime140_1.dll
Source: C:\Users\user\AppData\Roaming\Zoom\bin\Zoom.exeSection loaded: vcruntime140.dll
Source: C:\Users\user\AppData\Roaming\Zoom\bin\Zoom.exeSection loaded: libcrypto-3-zm.dll
Source: C:\Users\user\AppData\Roaming\Zoom\bin\Zoom.exeSection loaded: util.dll
Source: C:\Users\user\AppData\Roaming\Zoom\bin\Zoom.exeSection loaded: msvcp140.dll
Source: C:\Users\user\AppData\Roaming\Zoom\bin\Zoom.exeSection loaded: winmm.dll
Source: C:\Users\user\AppData\Roaming\Zoom\bin\Zoom.exeSection loaded: netapi32.dll
Source: C:\Users\user\AppData\Roaming\Zoom\bin\Zoom.exeSection loaded: vcruntime140_1.dll
Source: C:\Users\user\AppData\Roaming\Zoom\bin\Zoom.exeSection loaded: vcruntime140.dll
Source: C:\Users\user\AppData\Roaming\Zoom\bin\Zoom.exeSection loaded: msvcp140.dll
Source: C:\Users\user\AppData\Roaming\Zoom\bin\Zoom.exeSection loaded: vcruntime140_1.dll
Source: C:\Users\user\AppData\Roaming\Zoom\bin\Zoom.exeSection loaded: vcruntime140.dll
Source: C:\Users\user\AppData\Roaming\Zoom\bin\Zoom.exeSection loaded: libcrypto-3-zm.dll
Source: C:\Users\user\AppData\Roaming\Zoom\bin\Zoom.exeSection loaded: msvcp140.dll
Source: C:\Users\user\Downloads\Zoom_cm_fotiZ9vvrZo4_mJGohcJr5Wi4nh-+oH9qDAdNxPgV4bAl8sJE@Ya299Uo3BvkVZYb-_ke7c3d59090895be7_.exeKey value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{057EEE47-2572-4AA1-88D7-60CE2149E33C}\InProcServer32
Source: C:\Users\user\AppData\Roaming\Zoom\ZoomDownload\Installer.exeFile written: C:\Users\user\AppData\Roaming\Zoom\zoom_install_src\crashrpt_lang.ini
Source: C:\Users\user\AppData\Roaming\Zoom\bin\Zoom.exeFile opened: C:\Windows\SYSTEM32\msftedit.dll
Source: Window RecorderWindow detected: More than 3 window changes detected
Source: C:\Users\user\AppData\Roaming\Zoom\ZoomDownload\Installer.exeRegistry value created: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\ZoomUMX
Source: C:\Users\user\AppData\Roaming\Zoom\ZoomDownload\Installer.exeFile created: C:\Users\user\AppData\Roaming\Zoom\tmp_bin\api-ms-win-core-louserzation-l1-2-0.dllJump to dropped file
Source: C:\Users\user\AppData\Roaming\Zoom\ZoomDownload\Installer.exeFile created: C:\Users\user\AppData\Roaming\Zoom\zoom_install_src\WebView2Loader.dllJump to dropped file
Source: C:\Users\user\AppData\Roaming\Zoom\bin\Zoom.exeFile created: C:\Users\user\AppData\Roaming\Zoom\bin\temp_psapp\swresample_zm-4.dllJump to dropped file
Source: C:\Users\user\AppData\Roaming\Zoom\ZoomDownload\Installer.exeFile created: C:\Users\user\AppData\Roaming\Zoom\zoom_install_src\zKBCrypto.dllJump to dropped file
Source: C:\Users\user\AppData\Roaming\Zoom\ZoomDownload\Installer.exeFile created: C:\Users\user\AppData\Roaming\Zoom\tmp_bin\api-ms-win-core-string-l1-1-0.dllJump to dropped file
Source: C:\Users\user\AppData\Roaming\Zoom\ZoomDownload\Installer.exeFile created: C:\Users\user\AppData\Roaming\Zoom\zoom_install_src\CptInstall.exeJump to dropped file
Source: C:\Users\user\AppData\Roaming\Zoom\ZoomDownload\Installer.exeFile created: C:\Users\user\AppData\Roaming\Zoom\zoom_install_src\zmb.dllJump to dropped file
Source: C:\Users\user\AppData\Roaming\Zoom\ZoomDownload\Installer.exeFile created: C:\Users\user\AppData\Roaming\Zoom\zoom_install_src\zUpdater.exeJump to dropped file
Source: C:\Users\user\AppData\Roaming\Zoom\bin\Zoom.exeFile created: C:\Users\user\AppData\Roaming\Zoom\bin\temp_psapp\avutil_zm-57.dllJump to dropped file
Source: C:\Users\user\AppData\Roaming\Zoom\bin\Zoom.exeFile created: C:\Users\user\AppData\Roaming\Zoom\bin\zPSUI.dllJump to dropped file
Source: C:\Users\user\AppData\Roaming\Zoom\ZoomDownload\Installer.exeFile created: C:\Users\user\AppData\Roaming\Zoom\zoom_install_src\CptShare.dllJump to dropped file
Source: C:\Users\user\AppData\Roaming\Zoom\bin\Zoom.exeFile created: C:\Users\user\AppData\Roaming\Zoom\bin\zCustomizeMeetingUI.dllJump to dropped file
Source: C:\Users\user\AppData\Roaming\Zoom\ZoomDownload\Installer.exeFile created: C:\Users\user\AppData\Roaming\Zoom\zoom_install_src\zCrashReport64.dllJump to dropped file
Source: C:\Users\user\AppData\Roaming\Zoom\ZoomDownload\Installer.exeFile created: C:\Users\user\AppData\Roaming\Zoom\zoom_install_src\MailClient.dllJump to dropped file
Source: C:\Users\user\AppData\Roaming\Zoom\ZoomDownload\Installer.exeFile created: C:\Users\user\AppData\Roaming\Zoom\zoom_install_src\zData.dllJump to dropped file
Source: C:\Users\user\AppData\Roaming\Zoom\ZoomDownload\Installer.exeFile created: C:\Users\user\AppData\Roaming\Zoom\zoom_install_src\ZZHostIPCSDK.dllJump to dropped file
Source: C:\Users\user\AppData\Roaming\Zoom\ZoomDownload\Installer.exeFile created: C:\Users\user\AppData\Roaming\Zoom\zoom_install_src\zChatUI.dllJump to dropped file
Source: C:\Users\user\AppData\Roaming\Zoom\bin\Zoom.exeFile created: C:\Users\user\AppData\Roaming\Zoom\bin\zCCIUI.dllJump to dropped file
Source: C:\Users\user\AppData\Roaming\Zoom\ZoomDownload\Installer.exeFile created: C:\Users\user\AppData\Roaming\Zoom\zoom_install_src\zWinRes.dllJump to dropped file
Source: C:\Users\user\AppData\Roaming\Zoom\bin\Zoom.exeFile created: C:\Users\user\AppData\Roaming\Zoom\bin\language\zLang_zh_cn.dllJump to dropped file
Source: C:\Users\user\AppData\Roaming\Zoom\ZoomDownload\Installer.exeFile created: C:\Users\user\AppData\Roaming\Zoom\tmp_bin\api-ms-win-core-memory-l1-1-0.dllJump to dropped file
Source: C:\Users\user\AppData\Roaming\Zoom\ZoomDownload\Installer.exeFile created: C:\Users\user\AppData\Roaming\Zoom\zoom_install_src\viper.dllJump to dropped file
Source: C:\Users\user\AppData\Roaming\Zoom\ZoomDownload\Installer.exeFile created: C:\Users\user\AppData\Roaming\Zoom\tmp_bin\api-ms-win-core-datetime-l1-1-0.dllJump to dropped file
Source: C:\Users\user\AppData\Roaming\Zoom\bin\Zoom.exeFile created: C:\Users\user\AppData\Roaming\Zoom\bin\language\zLang_korean.dllJump to dropped file
Source: C:\Users\user\AppData\Roaming\Zoom\ZoomDownload\Installer.exeFile created: C:\Users\user\AppData\Roaming\Zoom\tmp_bin\api-ms-win-core-processthreads-l1-1-1.dllJump to dropped file
Source: C:\Users\user\AppData\Roaming\Zoom\ZoomDownload\Installer.exeFile created: C:\Users\user\AppData\Roaming\Zoom\zoom_install_src\annoter.dllJump to dropped file
Source: C:\Users\user\AppData\Roaming\Zoom\ZoomDownload\Installer.exeFile created: C:\Users\user\AppData\Roaming\Zoom\tmp_bin\msvcp140_1.dllJump to dropped file
Source: C:\Users\user\AppData\Roaming\Zoom\ZoomDownload\Installer.exeFile created: C:\Users\user\AppData\Roaming\Zoom\zoom_install_src\zCrashReport64.exeJump to dropped file
Source: C:\Users\user\AppData\Roaming\Zoom\ZoomDownload\Installer.exeFile created: C:\Users\user\AppData\Roaming\Zoom\zoom_install_src\libmpg123.dllJump to dropped file
Source: C:\Users\user\AppData\Roaming\Zoom\ZoomDownload\Installer.exeFile created: C:\Users\user\AppData\Roaming\Zoom\tmp_bin\cmmbiz.dllJump to dropped file
Source: C:\Users\user\AppData\Roaming\Zoom\bin\Zoom.exeFile created: C:\Users\user\AppData\Roaming\Zoom\bin\zoom_meeting_bridge.dllJump to dropped file
Source: C:\Users\user\AppData\Roaming\Zoom\ZoomDownload\Installer.exeFile created: C:\Users\user\AppData\Roaming\Zoom\zoom_install_src\zMsgAppCommon.dllJump to dropped file
Source: C:\Users\user\AppData\Roaming\Zoom\ZoomDownload\Installer.exeFile created: C:\Users\user\AppData\Roaming\Zoom\tmp_bin\api-ms-win-crt-math-l1-1-0.dllJump to dropped file
Source: C:\Users\user\AppData\Roaming\Zoom\ZoomDownload\Installer.exeFile created: C:\Users\user\AppData\Roaming\Zoom\zoom_install_src\zVideoUI.dllJump to dropped file
Source: C:\Users\user\AppData\Roaming\Zoom\ZoomDownload\Installer.exeFile created: C:\Users\user\AppData\Roaming\Zoom\zoom_install_src\zzhost.dllJump to dropped file
Source: C:\Users\user\AppData\Roaming\Zoom\bin\Zoom.exeFile created: C:\Users\user\AppData\Roaming\Zoom\bin\language\zLang_ru.dllJump to dropped file
Source: C:\Users\user\AppData\Roaming\Zoom\ZoomDownload\Installer.exeFile created: C:\Users\user\AppData\Roaming\Zoom\tmp_bin\api-ms-win-crt-utility-l1-1-0.dllJump to dropped file
Source: C:\Users\user\AppData\Roaming\Zoom\ZoomDownload\Installer.exeFile created: C:\Users\user\AppData\Roaming\Zoom\zoom_install_src\zWebview2Agent.exeJump to dropped file
Source: C:\Users\user\AppData\Roaming\Zoom\ZoomDownload\Installer.exeFile created: C:\Users\user\AppData\Roaming\Zoom\tmp_bin\msvcp140_2.dllJump to dropped file
Source: C:\Users\user\AppData\Roaming\Zoom\ZoomDownload\Installer.exeFile created: C:\Users\user\AppData\Roaming\Zoom\zoom_install_src\zContext.dllJump to dropped file
Source: C:\Users\user\AppData\Roaming\Zoom\ZoomDownload\Installer.exeFile created: C:\Users\user\AppData\Roaming\Zoom\tmp_bin\Cmmlib.dllJump to dropped file
Source: C:\Users\user\AppData\Roaming\Zoom\ZoomDownload\Installer.exeFile created: C:\Users\user\AppData\Roaming\Zoom\tmp_bin\api-ms-win-crt-environment-l1-1-0.dllJump to dropped file
Source: C:\Users\user\AppData\Roaming\Zoom\ZoomDownload\Installer.exeFile created: C:\Users\user\AppData\Roaming\Zoom\zoom_install_src\mcm.dllJump to dropped file
Source: C:\Users\user\AppData\Roaming\Zoom\ZoomDownload\Installer.exeFile created: C:\Users\user\AppData\Roaming\Zoom\zoom_install_src\mfAdapter.dllJump to dropped file
Source: C:\Users\user\AppData\Roaming\Zoom\ZoomDownload\Installer.exeFile created: C:\Users\user\AppData\Roaming\Zoom\zoom_install_src\zNet.dllJump to dropped file
Source: C:\Users\user\AppData\Roaming\Zoom\ZoomDownload\Installer.exeFile created: C:\Users\user\AppData\Roaming\Zoom\tmp_bin\api-ms-win-core-profile-l1-1-0.dllJump to dropped file
Source: C:\Users\user\AppData\Roaming\Zoom\ZoomDownload\Installer.exeFile created: C:\Users\user\AppData\Roaming\Zoom\tmp_bin\api-ms-win-core-namedpipe-l1-1-0.dllJump to dropped file
Source: C:\Program Files\Google\Chrome\Application\chrome.exeFile created: C:\Users\user\Downloads\2d992bd7-d94b-4d83-9390-a0e8c5c8b1c4.tmpJump to dropped file
Source: C:\Users\user\AppData\Roaming\Zoom\ZoomDownload\Installer.exeFile created: C:\Users\user\AppData\Roaming\Zoom\zoom_install_src\util.dllJump to dropped file
Source: C:\Users\user\AppData\Roaming\Zoom\ZoomDownload\Installer.exeFile created: C:\Users\user\AppData\Roaming\Zoom\tmp_bin\ucrtbase.dllJump to dropped file
Source: C:\Users\user\AppData\Roaming\Zoom\ZoomDownload\Installer.exeFile created: C:\Users\user\AppData\Roaming\Zoom\zoom_install_src\zUnifyWebView.dllJump to dropped file
Source: C:\Users\user\AppData\Roaming\Zoom\ZoomDownload\Installer.exeFile created: C:\Users\user\AppData\Roaming\Zoom\tmp_bin\api-ms-win-crt-locale-l1-1-0.dllJump to dropped file
Source: C:\Users\user\AppData\Roaming\Zoom\ZoomDownload\Installer.exeFile created: C:\Users\user\AppData\Roaming\Zoom\tmp_bin\api-ms-win-crt-private-l1-1-0.dllJump to dropped file
Source: C:\Users\user\AppData\Roaming\Zoom\ZoomDownload\Installer.exeFile created: C:\Users\user\AppData\Roaming\Zoom\tmp_bin\msvcp140.dllJump to dropped file
Source: C:\Users\user\AppData\Roaming\Zoom\ZoomDownload\Installer.exeFile created: C:\Users\user\AppData\Roaming\Zoom\tmp_bin\CmmBrowserEngine.dllJump to dropped file
Source: C:\Users\user\AppData\Roaming\Zoom\ZoomDownload\Installer.exeFile created: C:\Users\user\AppData\Roaming\Zoom\tmp_bin\api-ms-win-core-heap-l1-1-0.dllJump to dropped file
Source: C:\Users\user\AppData\Roaming\Zoom\ZoomDownload\Installer.exeFile created: C:\Users\user\AppData\Roaming\Zoom\tmp_bin\concrt140.dllJump to dropped file
Source: C:\Users\user\AppData\Roaming\Zoom\bin\Zoom.exeFile created: C:\Users\user\AppData\Roaming\Zoom\bin\zAppRes.dllJump to dropped file
Source: C:\Users\user\AppData\Roaming\Zoom\ZoomDownload\Installer.exeFile created: C:\Users\user\AppData\Roaming\Zoom\zoom_install_src\zMeshNetAgent.dllJump to dropped file
Source: C:\Users\user\AppData\Roaming\Zoom\ZoomDownload\Installer.exeFile created: C:\Users\user\AppData\Roaming\Zoom\tmp_bin\vccorlib140.dllJump to dropped file
Source: C:\Users\user\AppData\Roaming\Zoom\ZoomDownload\Installer.exeFile created: C:\Users\user\AppData\Roaming\Zoom\tmp_bin\api-ms-win-core-errorhandling-l1-1-0.dllJump to dropped file
Source: C:\Users\user\AppData\Roaming\Zoom\bin\Zoom.exeFile created: C:\Users\user\AppData\Roaming\Zoom\bin\language\zLang_tr.dllJump to dropped file
Source: C:\Users\user\AppData\Roaming\Zoom\ZoomDownload\Installer.exeFile created: C:\Users\user\AppData\Roaming\Zoom\tmp_bin\api-ms-win-crt-filesystem-l1-1-0.dllJump to dropped file
Source: C:\Users\user\AppData\Roaming\Zoom\ZoomDownload\Installer.exeFile created: C:\Users\user\AppData\Roaming\Zoom\tmp_bin\api-ms-win-crt-runtime-l1-1-0.dllJump to dropped file
Source: C:\Users\user\AppData\Roaming\Zoom\ZoomDownload\Installer.exeFile created: C:\Users\user\AppData\Roaming\Zoom\tmp_bin\msvcp140_codecvt_ids.dllJump to dropped file
Source: C:\Users\user\AppData\Roaming\Zoom\bin\Zoom.exeFile created: C:\Users\user\AppData\Roaming\Zoom\bin\language\zLang_sv.dllJump to dropped file
Source: C:\Users\user\AppData\Roaming\Zoom\ZoomDownload\Installer.exeFile created: C:\Users\user\AppData\Roaming\Zoom\zoom_install_src\zWBUI.dllJump to dropped file
Source: C:\Users\user\AppData\Roaming\Zoom\bin\Zoom.exeFile created: C:\Users\user\AppData\Roaming\Zoom\bin\zAppUI.dllJump to dropped file
Source: C:\Users\user\AppData\Roaming\Zoom\bin\Zoom.exeFile created: C:\Users\user\AppData\Roaming\Zoom\bin\language\zLang_ptg.dllJump to dropped file
Source: C:\Users\user\AppData\Roaming\Zoom\ZoomDownload\Installer.exeFile created: C:\Users\user\AppData\Roaming\Zoom\tmp_bin\api-ms-win-core-handle-l1-1-0.dllJump to dropped file
Source: C:\Users\user\AppData\Roaming\Zoom\ZoomDownload\Installer.exeFile created: C:\Users\user\AppData\Roaming\Zoom\zoom_install_src\asproxy.dllJump to dropped file
Source: C:\Users\user\AppData\Roaming\Zoom\ZoomDownload\Installer.exeFile created: C:\Users\user\AppData\Roaming\Zoom\zoom_install_src\zlt.dllJump to dropped file
Source: C:\Users\user\AppData\Roaming\Zoom\ZoomDownload\Installer.exeFile created: C:\Users\user\AppData\Roaming\Zoom\tmp_bin\api-ms-win-core-console-l1-2-0.dllJump to dropped file
Source: C:\Users\user\AppData\Roaming\Zoom\ZoomDownload\Installer.exeFile created: C:\Users\user\AppData\Roaming\Zoom\zoom_install_src\zAutoUpdate.dllJump to dropped file
Source: C:\Program Files\Google\Chrome\Application\chrome.exeFile created: C:\Users\user\Downloads\Unconfirmed 201182.crdownloadJump to dropped file
Source: C:\Users\user\AppData\Roaming\Zoom\ZoomDownload\Installer.exeFile created: C:\Users\user\AppData\Roaming\Zoom\tmp_bin\api-ms-win-crt-convert-l1-1-0.dllJump to dropped file
Source: C:\Users\user\AppData\Roaming\Zoom\ZoomDownload\Installer.exeFile created: C:\Users\user\AppData\Roaming\Zoom\zoom_install_src\zm_conf_universal_ui.dllJump to dropped file
Source: C:\Users\user\AppData\Roaming\Zoom\ZoomDownload\Installer.exeFile created: C:\Users\user\AppData\Roaming\Zoom\zoom_install_src\zVideoApp.dllJump to dropped file
Source: C:\Users\user\AppData\Roaming\Zoom\ZoomDownload\Installer.exeFile created: C:\Users\user\AppData\Roaming\Zoom\tmp_bin\api-ms-win-core-debug-l1-1-0.dllJump to dropped file
Source: C:\Users\user\AppData\Roaming\Zoom\ZoomDownload\Installer.exeFile created: C:\Users\user\AppData\Roaming\Zoom\zoom_install_src\libssl-3-zm.dllJump to dropped file
Source: C:\Users\user\AppData\Roaming\Zoom\ZoomDownload\Installer.exeFile created: C:\Users\user\AppData\Roaming\Zoom\zoom_install_src\msaalib.dllJump to dropped file
Source: C:\Users\user\AppData\Roaming\Zoom\ZoomDownload\Installer.exeFile created: C:\Users\user\AppData\Roaming\Zoom\zoom_install_src\ZUI.dllJump to dropped file
Source: C:\Users\user\AppData\Roaming\Zoom\ZoomDownload\Installer.exeFile created: C:\Users\user\AppData\Roaming\Zoom\zoom_install_src\zCommonChat.dllJump to dropped file
Source: C:\Users\user\AppData\Roaming\Zoom\ZoomDownload\Installer.exeFile created: C:\Users\user\AppData\Roaming\Zoom\tmp_bin\api-ms-win-core-util-l1-1-0.dllJump to dropped file
Source: C:\Users\user\AppData\Roaming\Zoom\ZoomDownload\Installer.exeFile created: C:\Users\user\AppData\Roaming\Zoom\zoom_install_src\CptHost.exeJump to dropped file
Source: C:\Users\user\AppData\Roaming\Zoom\ZoomDownload\Installer.exeFile created: C:\Users\user\AppData\Roaming\Zoom\tmp_bin\api-ms-win-core-file-l1-1-0.dllJump to dropped file
Source: C:\Users\user\AppData\Roaming\Zoom\ZoomDownload\Installer.exeFile created: C:\Users\user\AppData\Roaming\Zoom\tmp_bin\api-ms-win-crt-process-l1-1-0.dllJump to dropped file
Source: C:\Users\user\AppData\Roaming\Zoom\ZoomDownload\Installer.exeFile created: C:\Users\user\AppData\Roaming\Zoom\tmp_bin\api-ms-win-crt-string-l1-1-0.dllJump to dropped file
Source: C:\Users\user\AppData\Roaming\Zoom\ZoomDownload\Installer.exeFile created: C:\Users\user\AppData\Roaming\Zoom\zoom_install_src\zMailRes.dllJump to dropped file
Source: C:\Users\user\AppData\Roaming\Zoom\bin\Zoom.exeFile created: C:\Users\user\AppData\Roaming\Zoom\bin\language\zLang_nl.dllJump to dropped file
Source: C:\Users\user\AppData\Roaming\Zoom\ZoomDownload\Installer.exeFile created: C:\Users\user\AppData\Roaming\Zoom\zoom_install_src\zEventTracker.dllJump to dropped file
Source: C:\Users\user\AppData\Roaming\Zoom\bin\Zoom.exeFile created: C:\Users\user\AppData\Roaming\Zoom\bin\language\zLang_it.dllJump to dropped file
Source: C:\Users\user\AppData\Roaming\Zoom\ZoomDownload\Installer.exeFile created: C:\Users\user\AppData\Roaming\Zoom\zoom_install_src\zChatApp.dllJump to dropped file
Source: C:\Users\user\AppData\Roaming\Zoom\ZoomDownload\Installer.exeFile created: C:\Users\user\AppData\Roaming\Zoom\zoom_install_src\zUIRes.dllJump to dropped file
Source: C:\Users\user\AppData\Roaming\Zoom\ZoomDownload\Installer.exeFile created: C:\Users\user\AppData\Roaming\Zoom\zoom_install_src\DuiLib.dllJump to dropped file
Source: C:\Users\user\AppData\Roaming\Zoom\ZoomDownload\Installer.exeFile created: C:\Users\user\AppData\Roaming\Zoom\zoom_install_src\ZoomTask.dllJump to dropped file
Source: C:\Users\user\AppData\Roaming\Zoom\ZoomDownload\Installer.exeFile created: C:\Users\user\AppData\Roaming\Zoom\zoom_install_src\Zoom_launcher.exeJump to dropped file
Source: C:\Users\user\AppData\Roaming\Zoom\ZoomDownload\Installer.exeFile created: C:\Users\user\AppData\Roaming\Zoom\zoom_install_src\zMailUI.dllJump to dropped file
Source: C:\Users\user\AppData\Roaming\Zoom\ZoomDownload\Installer.exeFile created: C:\Users\user\AppData\Roaming\Zoom\tmp_bin\api-ms-win-core-libraryloader-l1-1-0.dllJump to dropped file
Source: C:\Users\user\AppData\Roaming\Zoom\ZoomDownload\Installer.exeFile created: C:\Users\user\AppData\Roaming\Zoom\zoom_install_src\zOutlookIMUtil.dllJump to dropped file
Source: C:\Users\user\AppData\Roaming\Zoom\ZoomDownload\Installer.exeFile created: C:\Users\user\AppData\Roaming\Zoom\tmp_bin\api-ms-win-crt-heap-l1-1-0.dllJump to dropped file
Source: C:\Users\user\AppData\Roaming\Zoom\ZoomDownload\Installer.exeFile created: C:\Users\user\AppData\Roaming\Zoom\zoom_install_src\ZoomTelemetry.dllJump to dropped file
Source: C:\Users\user\AppData\Roaming\Zoom\ZoomDownload\Installer.exeFile created: C:\Users\user\AppData\Roaming\Zoom\tmp_bin\api-ms-win-core-console-l1-1-0.dllJump to dropped file
Source: C:\Users\user\AppData\Roaming\Zoom\ZoomDownload\Installer.exeFile created: C:\Users\user\AppData\Roaming\Zoom\tmp_bin\api-ms-win-core-synch-l1-2-0.dllJump to dropped file
Source: C:\Users\user\AppData\Roaming\Zoom\ZoomDownload\Installer.exeFile created: C:\Users\user\AppData\Roaming\Zoom\tmp_bin\api-ms-win-crt-stdio-l1-1-0.dllJump to dropped file
Source: C:\Users\user\AppData\Roaming\Zoom\bin\Zoom.exeFile created: C:\Users\user\AppData\Roaming\Zoom\bin\swscale_zm-6.dllJump to dropped file
Source: C:\Users\user\AppData\Roaming\Zoom\ZoomDownload\Installer.exeFile created: C:\Users\user\AppData\Roaming\Zoom\zoom_install_src\ZoomOutlookIMPlugin.exeJump to dropped file
Source: C:\Users\user\AppData\Roaming\Zoom\ZoomDownload\Installer.exeFile created: C:\Users\user\AppData\Roaming\Zoom\tmp_bin\api-ms-win-core-interlocked-l1-1-0.dllJump to dropped file
Source: C:\Users\user\AppData\Roaming\Zoom\ZoomDownload\Installer.exeFile created: C:\Users\user\AppData\Roaming\Zoom\zoom_install_src\ssb_sdk.dllJump to dropped file
Source: C:\Users\user\AppData\Roaming\Zoom\ZoomDownload\Installer.exeFile created: C:\Users\user\AppData\Roaming\Zoom\tmp_bin\api-ms-win-core-processthreads-l1-1-0.dllJump to dropped file
Source: C:\Users\user\Downloads\Zoom_cm_fotiZ9vvrZo4_mJGohcJr5Wi4nh-+oH9qDAdNxPgV4bAl8sJE@Ya299Uo3BvkVZYb-_ke7c3d59090895be7_.exeFile created: C:\Users\user\AppData\Roaming\Zoom\ZoomDownload\Installer.exeJump to dropped file
Source: C:\Users\user\AppData\Roaming\Zoom\ZoomDownload\Installer.exeFile created: C:\Users\user\AppData\Roaming\Zoom\zoom_install_src\zPSApp.dllJump to dropped file
Source: C:\Users\user\AppData\Roaming\Zoom\bin\Zoom.exeFile created: C:\Users\user\AppData\Roaming\Zoom\bin\temp_psapp\avcodec_zm-59.dllJump to dropped file
Source: C:\Users\user\AppData\Roaming\Zoom\bin\Zoom.exeFile created: C:\Users\user\AppData\Roaming\Zoom\bin\language\zLang_id.dllJump to dropped file
Source: C:\Users\user\AppData\Roaming\Zoom\ZoomDownload\Installer.exeFile created: C:\Users\user\AppData\Roaming\Zoom\zoom_install_src\UIBase.dllJump to dropped file
Source: C:\Users\user\AppData\Roaming\Zoom\ZoomDownload\Installer.exeFile created: C:\Users\user\AppData\Roaming\Zoom\tmp_bin\api-ms-win-core-processenvironment-l1-1-0.dllJump to dropped file
Source: C:\Users\user\AppData\Roaming\Zoom\bin\Zoom.exeFile created: C:\Users\user\AppData\Roaming\Zoom\bin\language\zLang_jp.dllJump to dropped file
Source: C:\Users\user\AppData\Roaming\Zoom\ZoomDownload\Installer.exeFile created: C:\Users\user\AppData\Roaming\Zoom\tmp_bin\api-ms-win-core-sysinfo-l1-1-0.dllJump to dropped file
Source: C:\Users\user\AppData\Roaming\Zoom\ZoomDownload\Installer.exeFile created: C:\Users\user\AppData\Roaming\Zoom\zoom_install_src\zLooper.dllJump to dropped file
Source: C:\Users\user\AppData\Roaming\Zoom\bin\Zoom.exeFile created: C:\Users\user\AppData\Roaming\Zoom\bin\language\zLang_es.dllJump to dropped file
Source: C:\Users\user\AppData\Roaming\Zoom\ZoomDownload\Installer.exeFile created: C:\Users\user\AppData\Roaming\Zoom\zoom_install_src\tp.dllJump to dropped file
Source: C:\Users\user\AppData\Roaming\Zoom\ZoomDownload\Installer.exeFile created: C:\Users\user\AppData\Roaming\Zoom\zoom_install_src\reslib.dllJump to dropped file
Source: C:\Users\user\AppData\Roaming\Zoom\ZoomDownload\Installer.exeFile created: C:\Users\user\AppData\Roaming\Zoom\zoom_install_src\Zoom.exeJump to dropped file
Source: C:\Users\user\AppData\Roaming\Zoom\ZoomDownload\Installer.exeFile created: C:\Users\user\AppData\Roaming\Zoom\zoom_install_src\ZMDB.dllJump to dropped file
Source: C:\Users\user\AppData\Roaming\Zoom\ZoomDownload\Installer.exeFile created: C:\Users\user\AppData\Roaming\Zoom\tmp_bin\api-ms-win-crt-multibyte-l1-1-0.dllJump to dropped file
Source: C:\Users\user\AppData\Roaming\Zoom\bin\Zoom.exeFile created: C:\Users\user\AppData\Roaming\Zoom\bin\language\zLang_vi.dllJump to dropped file
Source: C:\Users\user\AppData\Roaming\Zoom\ZoomDownload\Installer.exeFile created: C:\Users\user\AppData\Roaming\Zoom\zoom_install_src\CptService.exeJump to dropped file
Source: C:\Users\user\AppData\Roaming\Zoom\ZoomDownload\Installer.exeFile created: C:\Users\user\AppData\Roaming\Zoom\tmp_bin\api-ms-win-core-rtlsupport-l1-1-0.dllJump to dropped file
Source: C:\Users\user\AppData\Roaming\Zoom\ZoomDownload\Installer.exeFile created: C:\Users\user\AppData\Roaming\Zoom\zoom_install_src\CptControl.exeJump to dropped file
Source: C:\Users\user\AppData\Roaming\Zoom\ZoomDownload\Installer.exeFile created: C:\Users\user\AppData\Roaming\Zoom\zoom_install_src\zWBUIRes.dllJump to dropped file
Source: C:\Users\user\AppData\Roaming\Zoom\ZoomDownload\Installer.exeFile created: C:\Users\user\AppData\Roaming\Zoom\tmp_bin\msvcp140_atomic_wait.dllJump to dropped file
Source: C:\Users\user\AppData\Roaming\Zoom\bin\Zoom.exeFile created: C:\Users\user\AppData\Roaming\Zoom\bin\zAppUISdk.dllJump to dropped file
Source: C:\Users\user\AppData\Roaming\Zoom\ZoomDownload\Installer.exeFile created: C:\Users\user\AppData\Roaming\Zoom\tmp_bin\api-ms-win-core-file-l2-1-0.dllJump to dropped file
Source: C:\Users\user\AppData\Roaming\Zoom\ZoomDownload\Installer.exeFile created: C:\Users\user\AppData\Roaming\Zoom\tmp_bin\vcruntime140.dllJump to dropped file
Source: C:\Users\user\AppData\Roaming\Zoom\bin\Zoom.exeFile created: C:\Users\user\AppData\Roaming\Zoom\bin\language\zLang_zh_tw.dllJump to dropped file
Source: C:\Users\user\AppData\Roaming\Zoom\ZoomDownload\Installer.exeFile created: C:\Users\user\AppData\Roaming\Zoom\zoom_install_src\viper_async_device.dllJump to dropped file
Source: C:\Users\user\AppData\Roaming\Zoom\ZoomDownload\Installer.exeFile created: C:\Users\user\AppData\Roaming\Zoom\zoom_install_src\zNetUtils.dllJump to dropped file
Source: C:\Users\user\AppData\Roaming\Zoom\ZoomDownload\Installer.exeFile created: C:\Users\user\AppData\Roaming\Zoom\tmp_bin\api-ms-win-crt-conio-l1-1-0.dllJump to dropped file
Source: C:\Users\user\AppData\Roaming\Zoom\bin\Zoom.exeFile created: C:\Users\user\AppData\Roaming\Zoom\bin\zApp.dllJump to dropped file
Source: C:\Users\user\AppData\Roaming\Zoom\ZoomDownload\Installer.exeFile created: C:\Users\user\AppData\Roaming\Zoom\zoom_install_src\cares.dllJump to dropped file
Source: C:\Users\user\AppData\Roaming\Zoom\ZoomDownload\Installer.exeFile created: C:\Users\user\AppData\Roaming\Zoom\tmp_bin\api-ms-win-core-timezone-l1-1-0.dllJump to dropped file
Source: C:\Users\user\AppData\Roaming\Zoom\bin\Zoom.exeFile created: C:\Users\user\AppData\Roaming\Zoom\bin\language\zLang_de.dllJump to dropped file
Source: C:\Users\user\AppData\Roaming\Zoom\ZoomDownload\Installer.exeFile created: C:\Users\user\AppData\Roaming\Zoom\tmp_bin\vcruntime140_1.dllJump to dropped file
Source: C:\Users\user\AppData\Roaming\Zoom\bin\Zoom.exeFile created: C:\Users\user\AppData\Roaming\Zoom\bin\language\zLang_pl.dllJump to dropped file
Source: C:\Users\user\AppData\Roaming\Zoom\ZoomDownload\Installer.exeFile created: C:\Users\user\AppData\Roaming\Zoom\tmp_bin\api-ms-win-crt-time-l1-1-0.dllJump to dropped file
Source: C:\Users\user\AppData\Roaming\Zoom\ZoomDownload\Installer.exeFile created: C:\Users\user\AppData\Roaming\Zoom\zoom_install_src\zBusinessUIComponent.dllJump to dropped file
Source: C:\Users\user\AppData\Roaming\Zoom\ZoomDownload\Installer.exeFile created: C:\Users\user\AppData\Roaming\Zoom\zoom_install_src\zMsgApp.dllJump to dropped file
Source: C:\Users\user\AppData\Roaming\Zoom\bin\Zoom.exeFile created: C:\Users\user\AppData\Roaming\Zoom\bin\avformat_zm-59.dllJump to dropped file
Source: C:\Users\user\AppData\Roaming\Zoom\ZoomDownload\Installer.exeFile created: C:\Users\user\AppData\Roaming\Zoom\zoom_install_src\zPTApp.dllJump to dropped file
Source: C:\Users\user\AppData\Roaming\Zoom\ZoomDownload\Installer.exeFile created: C:\Users\user\AppData\Roaming\Zoom\zoom_install_src\zTscoder.exeJump to dropped file
Source: C:\Users\user\AppData\Roaming\Zoom\ZoomDownload\Installer.exeFile created: C:\Users\user\AppData\Roaming\Zoom\zoom_install_src\XmppDll.dllJump to dropped file
Source: C:\Users\user\AppData\Roaming\Zoom\ZoomDownload\Installer.exeFile created: C:\Users\user\AppData\Roaming\Zoom\tmp_bin\api-ms-win-core-file-l1-2-0.dllJump to dropped file
Source: C:\Users\user\AppData\Roaming\Zoom\ZoomDownload\Installer.exeFile created: C:\Users\user\AppData\Roaming\Zoom\zoom_install_src\turbojpeg.dllJump to dropped file
Source: C:\Users\user\AppData\Roaming\Zoom\ZoomDownload\Installer.exeFile created: C:\Users\user\AppData\Roaming\Zoom\tmp_bin\api-ms-win-core-synch-l1-1-0.dllJump to dropped file
Source: C:\Users\user\AppData\Roaming\Zoom\bin\Zoom.exeFile created: C:\Users\user\AppData\Roaming\Zoom\bin\language\zLang_fr.dllJump to dropped file
Source: C:\Users\user\AppData\Roaming\Zoom\ZoomDownload\Installer.exeFile created: C:\Users\user\AppData\Roaming\Zoom\zoom_install_src\zWebService.dllJump to dropped file
Source: C:\Users\user\AppData\Roaming\Zoom\ZoomDownload\Installer.exeFile created: C:\Users\user\AppData\Roaming\Zoom\zoom_install_src\nydus.dllJump to dropped file
Source: C:\Users\user\AppData\Roaming\Zoom\ZoomDownload\Installer.exeFile created: C:\Users\user\AppData\Roaming\Zoom\zoom_install_src\zoombase_crypto_shared.dllJump to dropped file
Source: C:\Users\user\AppData\Roaming\Zoom\ZoomDownload\Installer.exeFile created: C:\Users\user\AppData\Roaming\Zoom\installer.txt
Source: C:\Users\user\AppData\Roaming\Zoom\ZoomDownload\Installer.exeFile created: C:\Users\user\AppData\Roaming\Zoom\zoom_install_src\directui_license.txt
Source: C:\Users\user\AppData\Roaming\Zoom\ZoomDownload\Installer.exeFile created: C:\Users\user\AppData\Roaming\Zoom\zoom_install_src\duilib_license.txt
Source: C:\Users\user\AppData\Roaming\Zoom\ZoomDownload\Installer.exeFile created: C:\Users\user\AppData\Roaming\Zoom\zoom_install_src\nanosvg_LICENSE.txt
Source: C:\Users\user\AppData\Roaming\Zoom\ZoomDownload\Installer.exeFile created: C:\Users\user\AppData\Roaming\Zoom\tmp_bin\directui_license.txt
Source: C:\Users\user\AppData\Roaming\Zoom\ZoomDownload\Installer.exeFile created: C:\Users\user\AppData\Roaming\Zoom\tmp_bin\duilib_license.txt
Source: C:\Users\user\AppData\Roaming\Zoom\ZoomDownload\Installer.exeFile created: C:\Users\user\AppData\Roaming\Zoom\tmp_bin\nanosvg_LICENSE.txt
Source: C:\Program Files\Google\Chrome\Application\chrome.exeFile created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps
Source: C:\Program Files\Google\Chrome\Application\chrome.exeFile created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Google Drive.lnk
Source: C:\Program Files\Google\Chrome\Application\chrome.exeFile created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\YouTube.lnk
Source: C:\Program Files\Google\Chrome\Application\chrome.exeFile created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Sheets.lnk
Source: C:\Program Files\Google\Chrome\Application\chrome.exeFile created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Gmail.lnk
Source: C:\Program Files\Google\Chrome\Application\chrome.exeFile created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Slides.lnk
Source: C:\Program Files\Google\Chrome\Application\chrome.exeFile created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Docs.lnk
Source: C:\Users\user\Downloads\Zoom_cm_fotiZ9vvrZo4_mJGohcJr5Wi4nh-+oH9qDAdNxPgV4bAl8sJE@Ya299Uo3BvkVZYb-_ke7c3d59090895be7_.exeRegistry key monitored for changes: HKEY_CURRENT_USER_Classes
Source: C:\Users\user\Downloads\Zoom_cm_fotiZ9vvrZo4_mJGohcJr5Wi4nh-+oH9qDAdNxPgV4bAl8sJE@Ya299Uo3BvkVZYb-_ke7c3d59090895be7_.exeRegistry key monitored for changes: HKEY_CURRENT_USER_Classes
Source: C:\Users\user\AppData\Roaming\Zoom\ZoomDownload\Installer.exeRegistry key monitored for changes: HKEY_CURRENT_USER_Classes
Source: C:\Users\user\AppData\Roaming\Zoom\bin\Zoom.exeRegistry key monitored for changes: HKEY_CURRENT_USER_Classes
Source: C:\Windows\System32\rundll32.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Downloads\Zoom_cm_fotiZ9vvrZo4_mJGohcJr5Wi4nh-+oH9qDAdNxPgV4bAl8sJE@Ya299Uo3BvkVZYb-_ke7c3d59090895be7_.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Downloads\Zoom_cm_fotiZ9vvrZo4_mJGohcJr5Wi4nh-+oH9qDAdNxPgV4bAl8sJE@Ya299Uo3BvkVZYb-_ke7c3d59090895be7_.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\Zoom\ZoomDownload\Installer.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\Zoom\bin\Zoom.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\Zoom\bin\Zoom.exeProcess information set: FAILCRITICALERRORS | NOGPFAULTERRORBOX
Source: C:\Users\user\AppData\Roaming\Zoom\bin\Zoom.exeProcess information set: FAILCRITICALERRORS | NOGPFAULTERRORBOX
Source: C:\Users\user\AppData\Roaming\Zoom\bin\Zoom.exeProcess information set: FAILCRITICALERRORS | NOGPFAULTERRORBOX
Source: C:\Users\user\AppData\Roaming\Zoom\bin\Zoom.exeProcess information set: FAILCRITICALERRORS | NOGPFAULTERRORBOX
Source: C:\Users\user\AppData\Roaming\Zoom\bin\Zoom.exeProcess information set: FAILCRITICALERRORS | NOGPFAULTERRORBOX
Source: C:\Users\user\AppData\Roaming\Zoom\bin\Zoom.exeProcess information set: FAILCRITICALERRORS | NOGPFAULTERRORBOX
Source: C:\Users\user\AppData\Roaming\Zoom\bin\Zoom.exeProcess information set: FAILCRITICALERRORS | NOGPFAULTERRORBOX
Source: C:\Users\user\AppData\Roaming\Zoom\bin\Zoom.exeProcess information set: FAILCRITICALERRORS | NOGPFAULTERRORBOX
Source: C:\Users\user\AppData\Roaming\Zoom\bin\Zoom.exeProcess information set: FAILCRITICALERRORS | NOGPFAULTERRORBOX
Source: C:\Users\user\AppData\Roaming\Zoom\bin\Zoom.exeProcess information set: FAILCRITICALERRORS | NOGPFAULTERRORBOX
Source: C:\Users\user\AppData\Roaming\Zoom\bin\Zoom.exeProcess information set: FAILCRITICALERRORS | NOGPFAULTERRORBOX
Source: C:\Users\user\AppData\Roaming\Zoom\bin\Zoom.exeProcess information set: FAILCRITICALERRORS | NOGPFAULTERRORBOX
Source: C:\Users\user\AppData\Roaming\Zoom\bin\Zoom.exeProcess information set: FAILCRITICALERRORS | NOGPFAULTERRORBOX
Source: C:\Users\user\AppData\Roaming\Zoom\bin\Zoom.exeProcess information set: FAILCRITICALERRORS | NOGPFAULTERRORBOX
Source: C:\Users\user\AppData\Roaming\Zoom\bin\Zoom.exeProcess information set: FAILCRITICALERRORS | NOGPFAULTERRORBOX
Source: C:\Users\user\AppData\Roaming\Zoom\bin\Zoom.exeProcess information set: FAILCRITICALERRORS | NOGPFAULTERRORBOX
Source: C:\Users\user\AppData\Roaming\Zoom\bin\Zoom.exeProcess information set: FAILCRITICALERRORS | NOGPFAULTERRORBOX
Source: C:\Users\user\AppData\Roaming\Zoom\bin\Zoom.exeProcess information set: FAILCRITICALERRORS | NOGPFAULTERRORBOX
Source: C:\Users\user\AppData\Roaming\Zoom\bin\Zoom.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\Zoom\bin\Zoom.exeProcess information set: FAILCRITICALERRORS | NOGPFAULTERRORBOX
Source: C:\Users\user\AppData\Roaming\Zoom\bin\Zoom.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\Zoom\bin\Zoom.exeProcess information set: FAILCRITICALERRORS | NOGPFAULTERRORBOX
Source: C:\Users\user\AppData\Roaming\Zoom\bin\Zoom.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\Zoom\bin\Zoom.exeProcess information set: FAILCRITICALERRORS | NOGPFAULTERRORBOX
Source: C:\Users\user\AppData\Roaming\Zoom\bin\Zoom.exeProcess information set: FAILCRITICALERRORS | NOGPFAULTERRORBOX
Source: C:\Users\user\AppData\Roaming\Zoom\bin\Zoom.exeProcess information set: FAILCRITICALERRORS | NOGPFAULTERRORBOX
Source: C:\Users\user\AppData\Roaming\Zoom\bin\Zoom.exeProcess information set: FAILCRITICALERRORS | NOGPFAULTERRORBOX
Source: C:\Users\user\AppData\Roaming\Zoom\bin\Zoom.exeProcess information set: FAILCRITICALERRORS | NOGPFAULTERRORBOX
Source: C:\Users\user\AppData\Roaming\Zoom\bin\Zoom.exeProcess information set: FAILCRITICALERRORS | NOGPFAULTERRORBOX
Source: C:\Users\user\AppData\Roaming\Zoom\bin\Zoom.exeProcess information set: FAILCRITICALERRORS | NOGPFAULTERRORBOX
Source: C:\Users\user\AppData\Roaming\Zoom\bin\Zoom.exeProcess information set: FAILCRITICALERRORS | NOGPFAULTERRORBOX
Source: C:\Users\user\AppData\Roaming\Zoom\bin\Zoom.exeProcess information set: FAILCRITICALERRORS | NOGPFAULTERRORBOX
Source: C:\Users\user\AppData\Roaming\Zoom\bin\Zoom.exeProcess information set: FAILCRITICALERRORS | NOGPFAULTERRORBOX
Source: C:\Users\user\AppData\Roaming\Zoom\bin\Zoom.exeProcess information set: FAILCRITICALERRORS | NOGPFAULTERRORBOX
Source: C:\Users\user\AppData\Roaming\Zoom\bin\Zoom.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\Zoom\bin\Zoom.exeProcess information set: FAILCRITICALERRORS | NOGPFAULTERRORBOX
Source: C:\Users\user\AppData\Roaming\Zoom\bin\Zoom.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\Zoom\bin\Zoom.exeProcess information set: FAILCRITICALERRORS | NOGPFAULTERRORBOX
Source: C:\Users\user\AppData\Roaming\Zoom\bin\Zoom.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\Zoom\bin\Zoom.exeProcess information set: FAILCRITICALERRORS | NOGPFAULTERRORBOX
Source: C:\Users\user\AppData\Roaming\Zoom\bin\Zoom.exeProcess information set: FAILCRITICALERRORS | NOGPFAULTERRORBOX
Source: C:\Users\user\AppData\Roaming\Zoom\bin\Zoom.exeProcess information set: FAILCRITICALERRORS | NOGPFAULTERRORBOX
Source: C:\Users\user\AppData\Roaming\Zoom\bin\Zoom.exeProcess information set: FAILCRITICALERRORS | NOGPFAULTERRORBOX
Source: C:\Users\user\AppData\Roaming\Zoom\bin\Zoom.exeProcess information set: FAILCRITICALERRORS | NOGPFAULTERRORBOX
Source: C:\Users\user\AppData\Roaming\Zoom\bin\Zoom.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\Zoom\bin\Zoom.exeProcess information set: FAILCRITICALERRORS | NOGPFAULTERRORBOX
Source: C:\Users\user\AppData\Roaming\Zoom\bin\Zoom.exeProcess information set: FAILCRITICALERRORS | NOGPFAULTERRORBOX
Source: C:\Users\user\AppData\Roaming\Zoom\bin\Zoom.exeProcess information set: FAILCRITICALERRORS | NOGPFAULTERRORBOX
Source: C:\Users\user\AppData\Roaming\Zoom\bin\Zoom.exeProcess information set: FAILCRITICALERRORS | NOGPFAULTERRORBOX
Source: C:\Users\user\AppData\Roaming\Zoom\bin\Zoom.exeProcess information set: FAILCRITICALERRORS | NOGPFAULTERRORBOX
Source: C:\Users\user\AppData\Roaming\Zoom\bin\Zoom.exeProcess information set: FAILCRITICALERRORS | NOGPFAULTERRORBOX
Source: C:\Users\user\AppData\Roaming\Zoom\bin\Zoom.exeProcess information set: FAILCRITICALERRORS | NOGPFAULTERRORBOX
Source: C:\Users\user\AppData\Roaming\Zoom\bin\Zoom.exeProcess information set: FAILCRITICALERRORS | NOGPFAULTERRORBOX
Source: C:\Users\user\AppData\Roaming\Zoom\bin\Zoom.exeProcess information set: FAILCRITICALERRORS | NOGPFAULTERRORBOX

Malware Analysis System Evasion

barindex
Queries sensitive disk information (via WMI, Win32_DiskDrive, often done to detect virtual machines)
Source: C:\Users\user\AppData\Roaming\Zoom\bin\Zoom.exeWMI Queries: IWbemServices::ExecQuery - ROOT\CIMV2 : associators of {Win32_DiskPartition.DeviceID='Disk #0, Partition #1'} where ResultClass=Win32_DiskDrive
Source: C:\Users\user\AppData\Roaming\Zoom\bin\Zoom.exeWMI Queries: IWbemServices::ExecQuery - ROOT\CIMV2 : select * from Win32_DiskDriveToDiskPartition where Dependent="Win32_DiskPartition.DeviceID=\"Disk #0, Partition #1\""
Queries sensitive service information (via WMI, Win32_LogicalDisk, often done to detect sandboxes)
Source: C:\Users\user\AppData\Roaming\Zoom\bin\Zoom.exeWMI Queries: IWbemServices::ExecQuery - ROOT\CIMV2 : associators of {Win32_LogicalDisk.DeviceID='C:'} where ResultClass=Win32_DiskPartition
Source: C:\Users\user\AppData\Roaming\Zoom\bin\Zoom.exeWMI Queries: IWbemServices::ExecQuery - ROOT\CIMV2 : select * from Win32_LogicalDiskToPartition where Dependent="Win32_LogicalDisk.DeviceID=\"C:\""
Tries to delay execution (extensive OutputDebugStringW loop)
Source: C:\Users\user\AppData\Roaming\Zoom\bin\Zoom.exeSection loaded: OutputDebugStringW count: 254
Source: C:\Users\user\AppData\Roaming\Zoom\bin\Zoom.exeFile opened / queried: scsi#disk&ven_vmware&prod_virtual_disk#4&1656f219&0&000000#{53f56307-b6bf-11d0-94f2-00a0c91efb8b}
Source: C:\Users\user\AppData\Roaming\Zoom\bin\Zoom.exeWindow / User API: threadDelayed 654
Source: C:\Users\user\AppData\Roaming\Zoom\bin\Zoom.exeWindow / User API: threadDelayed 2145
Source: C:\Users\user\AppData\Roaming\Zoom\ZoomDownload\Installer.exeDropped PE file which has not been started: C:\Users\user\AppData\Roaming\Zoom\tmp_bin\api-ms-win-core-louserzation-l1-2-0.dllJump to dropped file
Source: C:\Users\user\AppData\Roaming\Zoom\ZoomDownload\Installer.exeDropped PE file which has not been started: C:\Users\user\AppData\Roaming\Zoom\zoom_install_src\WebView2Loader.dllJump to dropped file
Source: C:\Users\user\AppData\Roaming\Zoom\bin\Zoom.exeDropped PE file which has not been started: C:\Users\user\AppData\Roaming\Zoom\bin\temp_psapp\swresample_zm-4.dllJump to dropped file
Source: C:\Users\user\AppData\Roaming\Zoom\ZoomDownload\Installer.exeDropped PE file which has not been started: C:\Users\user\AppData\Roaming\Zoom\zoom_install_src\zKBCrypto.dllJump to dropped file
Source: C:\Users\user\AppData\Roaming\Zoom\ZoomDownload\Installer.exeDropped PE file which has not been started: C:\Users\user\AppData\Roaming\Zoom\tmp_bin\api-ms-win-core-string-l1-1-0.dllJump to dropped file
Source: C:\Users\user\AppData\Roaming\Zoom\ZoomDownload\Installer.exeDropped PE file which has not been started: C:\Users\user\AppData\Roaming\Zoom\zoom_install_src\zmb.dllJump to dropped file
Source: C:\Users\user\AppData\Roaming\Zoom\ZoomDownload\Installer.exeDropped PE file which has not been started: C:\Users\user\AppData\Roaming\Zoom\zoom_install_src\CptInstall.exeJump to dropped file
Source: C:\Users\user\AppData\Roaming\Zoom\ZoomDownload\Installer.exeDropped PE file which has not been started: C:\Users\user\AppData\Roaming\Zoom\zoom_install_src\zUpdater.exeJump to dropped file
Source: C:\Users\user\AppData\Roaming\Zoom\bin\Zoom.exeDropped PE file which has not been started: C:\Users\user\AppData\Roaming\Zoom\bin\temp_psapp\avutil_zm-57.dllJump to dropped file
Source: C:\Users\user\AppData\Roaming\Zoom\bin\Zoom.exeDropped PE file which has not been started: C:\Users\user\AppData\Roaming\Zoom\bin\zPSUI.dllJump to dropped file
Source: C:\Users\user\AppData\Roaming\Zoom\ZoomDownload\Installer.exeDropped PE file which has not been started: C:\Users\user\AppData\Roaming\Zoom\zoom_install_src\CptShare.dllJump to dropped file
Source: C:\Users\user\AppData\Roaming\Zoom\bin\Zoom.exeDropped PE file which has not been started: C:\Users\user\AppData\Roaming\Zoom\bin\zCustomizeMeetingUI.dllJump to dropped file
Source: C:\Users\user\AppData\Roaming\Zoom\ZoomDownload\Installer.exeDropped PE file which has not been started: C:\Users\user\AppData\Roaming\Zoom\zoom_install_src\zCrashReport64.dllJump to dropped file
Source: C:\Users\user\AppData\Roaming\Zoom\ZoomDownload\Installer.exeDropped PE file which has not been started: C:\Users\user\AppData\Roaming\Zoom\zoom_install_src\MailClient.dllJump to dropped file
Source: C:\Users\user\AppData\Roaming\Zoom\ZoomDownload\Installer.exeDropped PE file which has not been started: C:\Users\user\AppData\Roaming\Zoom\zoom_install_src\ZZHostIPCSDK.dllJump to dropped file
Source: C:\Users\user\AppData\Roaming\Zoom\ZoomDownload\Installer.exeDropped PE file which has not been started: C:\Users\user\AppData\Roaming\Zoom\zoom_install_src\zData.dllJump to dropped file
Source: C:\Users\user\AppData\Roaming\Zoom\ZoomDownload\Installer.exeDropped PE file which has not been started: C:\Users\user\AppData\Roaming\Zoom\zoom_install_src\zChatUI.dllJump to dropped file
Source: C:\Users\user\AppData\Roaming\Zoom\bin\Zoom.exeDropped PE file which has not been started: C:\Users\user\AppData\Roaming\Zoom\bin\zCCIUI.dllJump to dropped file
Source: C:\Users\user\AppData\Roaming\Zoom\ZoomDownload\Installer.exeDropped PE file which has not been started: C:\Users\user\AppData\Roaming\Zoom\zoom_install_src\zWinRes.dllJump to dropped file
Source: C:\Users\user\AppData\Roaming\Zoom\bin\Zoom.exeDropped PE file which has not been started: C:\Users\user\AppData\Roaming\Zoom\bin\language\zLang_zh_cn.dllJump to dropped file
Source: C:\Users\user\AppData\Roaming\Zoom\ZoomDownload\Installer.exeDropped PE file which has not been started: C:\Users\user\AppData\Roaming\Zoom\tmp_bin\api-ms-win-core-memory-l1-1-0.dllJump to dropped file
Source: C:\Users\user\AppData\Roaming\Zoom\ZoomDownload\Installer.exeDropped PE file which has not been started: C:\Users\user\AppData\Roaming\Zoom\zoom_install_src\viper.dllJump to dropped file
Source: C:\Users\user\AppData\Roaming\Zoom\ZoomDownload\Installer.exeDropped PE file which has not been started: C:\Users\user\AppData\Roaming\Zoom\tmp_bin\api-ms-win-core-datetime-l1-1-0.dllJump to dropped file
Source: C:\Users\user\AppData\Roaming\Zoom\bin\Zoom.exeDropped PE file which has not been started: C:\Users\user\AppData\Roaming\Zoom\bin\language\zLang_korean.dllJump to dropped file
Source: C:\Users\user\AppData\Roaming\Zoom\ZoomDownload\Installer.exeDropped PE file which has not been started: C:\Users\user\AppData\Roaming\Zoom\tmp_bin\api-ms-win-core-processthreads-l1-1-1.dllJump to dropped file
Source: C:\Users\user\AppData\Roaming\Zoom\ZoomDownload\Installer.exeDropped PE file which has not been started: C:\Users\user\AppData\Roaming\Zoom\zoom_install_src\annoter.dllJump to dropped file
Source: C:\Users\user\AppData\Roaming\Zoom\ZoomDownload\Installer.exeDropped PE file which has not been started: C:\Users\user\AppData\Roaming\Zoom\tmp_bin\msvcp140_1.dllJump to dropped file
Source: C:\Users\user\AppData\Roaming\Zoom\ZoomDownload\Installer.exeDropped PE file which has not been started: C:\Users\user\AppData\Roaming\Zoom\zoom_install_src\zCrashReport64.exeJump to dropped file
Source: C:\Users\user\AppData\Roaming\Zoom\ZoomDownload\Installer.exeDropped PE file which has not been started: C:\Users\user\AppData\Roaming\Zoom\zoom_install_src\libmpg123.dllJump to dropped file
Source: C:\Users\user\AppData\Roaming\Zoom\ZoomDownload\Installer.exeDropped PE file which has not been started: C:\Users\user\AppData\Roaming\Zoom\tmp_bin\cmmbiz.dllJump to dropped file
Source: C:\Users\user\AppData\Roaming\Zoom\bin\Zoom.exeDropped PE file which has not been started: C:\Users\user\AppData\Roaming\Zoom\bin\zoom_meeting_bridge.dllJump to dropped file
Source: C:\Users\user\AppData\Roaming\Zoom\ZoomDownload\Installer.exeDropped PE file which has not been started: C:\Users\user\AppData\Roaming\Zoom\zoom_install_src\zMsgAppCommon.dllJump to dropped file
Source: C:\Users\user\AppData\Roaming\Zoom\ZoomDownload\Installer.exeDropped PE file which has not been started: C:\Users\user\AppData\Roaming\Zoom\tmp_bin\api-ms-win-crt-math-l1-1-0.dllJump to dropped file
Source: C:\Users\user\AppData\Roaming\Zoom\ZoomDownload\Installer.exeDropped PE file which has not been started: C:\Users\user\AppData\Roaming\Zoom\zoom_install_src\zzhost.dllJump to dropped file
Source: C:\Users\user\AppData\Roaming\Zoom\ZoomDownload\Installer.exeDropped PE file which has not been started: C:\Users\user\AppData\Roaming\Zoom\zoom_install_src\zVideoUI.dllJump to dropped file
Source: C:\Users\user\AppData\Roaming\Zoom\bin\Zoom.exeDropped PE file which has not been started: C:\Users\user\AppData\Roaming\Zoom\bin\language\zLang_ru.dllJump to dropped file
Source: C:\Users\user\AppData\Roaming\Zoom\ZoomDownload\Installer.exeDropped PE file which has not been started: C:\Users\user\AppData\Roaming\Zoom\tmp_bin\api-ms-win-crt-utility-l1-1-0.dllJump to dropped file
Source: C:\Users\user\AppData\Roaming\Zoom\ZoomDownload\Installer.exeDropped PE file which has not been started: C:\Users\user\AppData\Roaming\Zoom\zoom_install_src\zWebview2Agent.exeJump to dropped file
Source: C:\Users\user\AppData\Roaming\Zoom\ZoomDownload\Installer.exeDropped PE file which has not been started: C:\Users\user\AppData\Roaming\Zoom\tmp_bin\msvcp140_2.dllJump to dropped file
Source: C:\Users\user\AppData\Roaming\Zoom\ZoomDownload\Installer.exeDropped PE file which has not been started: C:\Users\user\AppData\Roaming\Zoom\zoom_install_src\zContext.dllJump to dropped file
Source: C:\Users\user\AppData\Roaming\Zoom\ZoomDownload\Installer.exeDropped PE file which has not been started: C:\Users\user\AppData\Roaming\Zoom\tmp_bin\Cmmlib.dllJump to dropped file
Source: C:\Users\user\AppData\Roaming\Zoom\ZoomDownload\Installer.exeDropped PE file which has not been started: C:\Users\user\AppData\Roaming\Zoom\tmp_bin\api-ms-win-crt-environment-l1-1-0.dllJump to dropped file
Source: C:\Users\user\AppData\Roaming\Zoom\ZoomDownload\Installer.exeDropped PE file which has not been started: C:\Users\user\AppData\Roaming\Zoom\zoom_install_src\mcm.dllJump to dropped file
Source: C:\Users\user\AppData\Roaming\Zoom\ZoomDownload\Installer.exeDropped PE file which has not been started: C:\Users\user\AppData\Roaming\Zoom\zoom_install_src\zNet.dllJump to dropped file
Source: C:\Users\user\AppData\Roaming\Zoom\ZoomDownload\Installer.exeDropped PE file which has not been started: C:\Users\user\AppData\Roaming\Zoom\zoom_install_src\mfAdapter.dllJump to dropped file
Source: C:\Users\user\AppData\Roaming\Zoom\ZoomDownload\Installer.exeDropped PE file which has not been started: C:\Users\user\AppData\Roaming\Zoom\tmp_bin\api-ms-win-core-profile-l1-1-0.dllJump to dropped file
Source: C:\Users\user\AppData\Roaming\Zoom\ZoomDownload\Installer.exeDropped PE file which has not been started: C:\Users\user\AppData\Roaming\Zoom\tmp_bin\api-ms-win-core-namedpipe-l1-1-0.dllJump to dropped file
Source: C:\Users\user\AppData\Roaming\Zoom\ZoomDownload\Installer.exeDropped PE file which has not been started: C:\Users\user\AppData\Roaming\Zoom\zoom_install_src\util.dllJump to dropped file
Source: C:\Users\user\AppData\Roaming\Zoom\ZoomDownload\Installer.exeDropped PE file which has not been started: C:\Users\user\AppData\Roaming\Zoom\zoom_install_src\zUnifyWebView.dllJump to dropped file
Source: C:\Users\user\AppData\Roaming\Zoom\ZoomDownload\Installer.exeDropped PE file which has not been started: C:\Users\user\AppData\Roaming\Zoom\tmp_bin\api-ms-win-crt-private-l1-1-0.dllJump to dropped file
Source: C:\Users\user\AppData\Roaming\Zoom\ZoomDownload\Installer.exeDropped PE file which has not been started: C:\Users\user\AppData\Roaming\Zoom\tmp_bin\api-ms-win-crt-locale-l1-1-0.dllJump to dropped file
Source: C:\Users\user\AppData\Roaming\Zoom\ZoomDownload\Installer.exeDropped PE file which has not been started: C:\Users\user\AppData\Roaming\Zoom\tmp_bin\CmmBrowserEngine.dllJump to dropped file
Source: C:\Users\user\AppData\Roaming\Zoom\ZoomDownload\Installer.exeDropped PE file which has not been started: C:\Users\user\AppData\Roaming\Zoom\tmp_bin\concrt140.dllJump to dropped file
Source: C:\Users\user\AppData\Roaming\Zoom\ZoomDownload\Installer.exeDropped PE file which has not been started: C:\Users\user\AppData\Roaming\Zoom\tmp_bin\api-ms-win-core-heap-l1-1-0.dllJump to dropped file
Source: C:\Users\user\AppData\Roaming\Zoom\bin\Zoom.exeDropped PE file which has not been started: C:\Users\user\AppData\Roaming\Zoom\bin\zAppRes.dllJump to dropped file
Source: C:\Users\user\AppData\Roaming\Zoom\ZoomDownload\Installer.exeDropped PE file which has not been started: C:\Users\user\AppData\Roaming\Zoom\zoom_install_src\zMeshNetAgent.dllJump to dropped file
Source: C:\Users\user\AppData\Roaming\Zoom\ZoomDownload\Installer.exeDropped PE file which has not been started: C:\Users\user\AppData\Roaming\Zoom\tmp_bin\vccorlib140.dllJump to dropped file
Source: C:\Users\user\AppData\Roaming\Zoom\ZoomDownload\Installer.exeDropped PE file which has not been started: C:\Users\user\AppData\Roaming\Zoom\tmp_bin\api-ms-win-core-errorhandling-l1-1-0.dllJump to dropped file
Source: C:\Users\user\AppData\Roaming\Zoom\bin\Zoom.exeDropped PE file which has not been started: C:\Users\user\AppData\Roaming\Zoom\bin\language\zLang_tr.dllJump to dropped file
Source: C:\Users\user\AppData\Roaming\Zoom\ZoomDownload\Installer.exeDropped PE file which has not been started: C:\Users\user\AppData\Roaming\Zoom\tmp_bin\api-ms-win-crt-runtime-l1-1-0.dllJump to dropped file
Source: C:\Users\user\AppData\Roaming\Zoom\ZoomDownload\Installer.exeDropped PE file which has not been started: C:\Users\user\AppData\Roaming\Zoom\tmp_bin\api-ms-win-crt-filesystem-l1-1-0.dllJump to dropped file
Source: C:\Users\user\AppData\Roaming\Zoom\ZoomDownload\Installer.exeDropped PE file which has not been started: C:\Users\user\AppData\Roaming\Zoom\tmp_bin\msvcp140_codecvt_ids.dllJump to dropped file
Source: C:\Users\user\AppData\Roaming\Zoom\bin\Zoom.exeDropped PE file which has not been started: C:\Users\user\AppData\Roaming\Zoom\bin\language\zLang_sv.dllJump to dropped file
Source: C:\Users\user\AppData\Roaming\Zoom\ZoomDownload\Installer.exeDropped PE file which has not been started: C:\Users\user\AppData\Roaming\Zoom\zoom_install_src\zWBUI.dllJump to dropped file
Source: C:\Users\user\AppData\Roaming\Zoom\bin\Zoom.exeDropped PE file which has not been started: C:\Users\user\AppData\Roaming\Zoom\bin\zAppUI.dllJump to dropped file
Source: C:\Users\user\AppData\Roaming\Zoom\bin\Zoom.exeDropped PE file which has not been started: C:\Users\user\AppData\Roaming\Zoom\bin\language\zLang_ptg.dllJump to dropped file
Source: C:\Users\user\AppData\Roaming\Zoom\ZoomDownload\Installer.exeDropped PE file which has not been started: C:\Users\user\AppData\Roaming\Zoom\tmp_bin\api-ms-win-core-handle-l1-1-0.dllJump to dropped file
Source: C:\Users\user\AppData\Roaming\Zoom\ZoomDownload\Installer.exeDropped PE file which has not been started: C:\Users\user\AppData\Roaming\Zoom\zoom_install_src\asproxy.dllJump to dropped file
Source: C:\Users\user\AppData\Roaming\Zoom\ZoomDownload\Installer.exeDropped PE file which has not been started: C:\Users\user\AppData\Roaming\Zoom\zoom_install_src\zlt.dllJump to dropped file
Source: C:\Users\user\AppData\Roaming\Zoom\ZoomDownload\Installer.exeDropped PE file which has not been started: C:\Users\user\AppData\Roaming\Zoom\tmp_bin\api-ms-win-core-console-l1-2-0.dllJump to dropped file
Source: C:\Users\user\AppData\Roaming\Zoom\ZoomDownload\Installer.exeDropped PE file which has not been started: C:\Users\user\AppData\Roaming\Zoom\zoom_install_src\zAutoUpdate.dllJump to dropped file
Source: C:\Users\user\AppData\Roaming\Zoom\ZoomDownload\Installer.exeDropped PE file which has not been started: C:\Users\user\AppData\Roaming\Zoom\tmp_bin\api-ms-win-crt-convert-l1-1-0.dllJump to dropped file
Source: C:\Users\user\AppData\Roaming\Zoom\ZoomDownload\Installer.exeDropped PE file which has not been started: C:\Users\user\AppData\Roaming\Zoom\zoom_install_src\zm_conf_universal_ui.dllJump to dropped file
Source: C:\Users\user\AppData\Roaming\Zoom\ZoomDownload\Installer.exeDropped PE file which has not been started: C:\Users\user\AppData\Roaming\Zoom\zoom_install_src\zVideoApp.dllJump to dropped file
Source: C:\Users\user\AppData\Roaming\Zoom\ZoomDownload\Installer.exeDropped PE file which has not been started: C:\Users\user\AppData\Roaming\Zoom\tmp_bin\api-ms-win-core-debug-l1-1-0.dllJump to dropped file
Source: C:\Users\user\AppData\Roaming\Zoom\ZoomDownload\Installer.exeDropped PE file which has not been started: C:\Users\user\AppData\Roaming\Zoom\zoom_install_src\libssl-3-zm.dllJump to dropped file
Source: C:\Users\user\AppData\Roaming\Zoom\ZoomDownload\Installer.exeDropped PE file which has not been started: C:\Users\user\AppData\Roaming\Zoom\zoom_install_src\msaalib.dllJump to dropped file
Source: C:\Users\user\AppData\Roaming\Zoom\ZoomDownload\Installer.exeDropped PE file which has not been started: C:\Users\user\AppData\Roaming\Zoom\zoom_install_src\ZUI.dllJump to dropped file
Source: C:\Users\user\AppData\Roaming\Zoom\ZoomDownload\Installer.exeDropped PE file which has not been started: C:\Users\user\AppData\Roaming\Zoom\zoom_install_src\zCommonChat.dllJump to dropped file
Source: C:\Users\user\AppData\Roaming\Zoom\ZoomDownload\Installer.exeDropped PE file which has not been started: C:\Users\user\AppData\Roaming\Zoom\tmp_bin\api-ms-win-core-util-l1-1-0.dllJump to dropped file
Source: C:\Users\user\AppData\Roaming\Zoom\ZoomDownload\Installer.exeDropped PE file which has not been started: C:\Users\user\AppData\Roaming\Zoom\zoom_install_src\CptHost.exeJump to dropped file
Source: C:\Users\user\AppData\Roaming\Zoom\ZoomDownload\Installer.exeDropped PE file which has not been started: C:\Users\user\AppData\Roaming\Zoom\tmp_bin\api-ms-win-core-file-l1-1-0.dllJump to dropped file
Source: C:\Users\user\AppData\Roaming\Zoom\ZoomDownload\Installer.exeDropped PE file which has not been started: C:\Users\user\AppData\Roaming\Zoom\tmp_bin\api-ms-win-crt-string-l1-1-0.dllJump to dropped file
Source: C:\Users\user\AppData\Roaming\Zoom\ZoomDownload\Installer.exeDropped PE file which has not been started: C:\Users\user\AppData\Roaming\Zoom\tmp_bin\api-ms-win-crt-process-l1-1-0.dllJump to dropped file
Source: C:\Users\user\AppData\Roaming\Zoom\ZoomDownload\Installer.exeDropped PE file which has not been started: C:\Users\user\AppData\Roaming\Zoom\zoom_install_src\zMailRes.dllJump to dropped file
Source: C:\Users\user\AppData\Roaming\Zoom\bin\Zoom.exeDropped PE file which has not been started: C:\Users\user\AppData\Roaming\Zoom\bin\language\zLang_nl.dllJump to dropped file
Source: C:\Users\user\AppData\Roaming\Zoom\ZoomDownload\Installer.exeDropped PE file which has not been started: C:\Users\user\AppData\Roaming\Zoom\zoom_install_src\zEventTracker.dllJump to dropped file
Source: C:\Users\user\AppData\Roaming\Zoom\bin\Zoom.exeDropped PE file which has not been started: C:\Users\user\AppData\Roaming\Zoom\bin\language\zLang_it.dllJump to dropped file
Source: C:\Users\user\AppData\Roaming\Zoom\ZoomDownload\Installer.exeDropped PE file which has not been started: C:\Users\user\AppData\Roaming\Zoom\zoom_install_src\zChatApp.dllJump to dropped file
Source: C:\Users\user\AppData\Roaming\Zoom\ZoomDownload\Installer.exeDropped PE file which has not been started: C:\Users\user\AppData\Roaming\Zoom\zoom_install_src\zUIRes.dllJump to dropped file
Source: C:\Users\user\AppData\Roaming\Zoom\ZoomDownload\Installer.exeDropped PE file which has not been started: C:\Users\user\AppData\Roaming\Zoom\zoom_install_src\DuiLib.dllJump to dropped file
Source: C:\Users\user\AppData\Roaming\Zoom\ZoomDownload\Installer.exeDropped PE file which has not been started: C:\Users\user\AppData\Roaming\Zoom\zoom_install_src\Zoom_launcher.exeJump to dropped file
Source: C:\Users\user\AppData\Roaming\Zoom\ZoomDownload\Installer.exeDropped PE file which has not been started: C:\Users\user\AppData\Roaming\Zoom\zoom_install_src\ZoomTask.dllJump to dropped file
Source: C:\Users\user\AppData\Roaming\Zoom\ZoomDownload\Installer.exeDropped PE file which has not been started: C:\Users\user\AppData\Roaming\Zoom\zoom_install_src\zMailUI.dllJump to dropped file
Source: C:\Users\user\AppData\Roaming\Zoom\ZoomDownload\Installer.exeDropped PE file which has not been started: C:\Users\user\AppData\Roaming\Zoom\tmp_bin\api-ms-win-core-libraryloader-l1-1-0.dllJump to dropped file
Source: C:\Users\user\AppData\Roaming\Zoom\ZoomDownload\Installer.exeDropped PE file which has not been started: C:\Users\user\AppData\Roaming\Zoom\zoom_install_src\zOutlookIMUtil.dllJump to dropped file
Source: C:\Users\user\AppData\Roaming\Zoom\ZoomDownload\Installer.exeDropped PE file which has not been started: C:\Users\user\AppData\Roaming\Zoom\tmp_bin\api-ms-win-crt-heap-l1-1-0.dllJump to dropped file
Source: C:\Users\user\AppData\Roaming\Zoom\ZoomDownload\Installer.exeDropped PE file which has not been started: C:\Users\user\AppData\Roaming\Zoom\zoom_install_src\ZoomTelemetry.dllJump to dropped file
Source: C:\Users\user\AppData\Roaming\Zoom\ZoomDownload\Installer.exeDropped PE file which has not been started: C:\Users\user\AppData\Roaming\Zoom\tmp_bin\api-ms-win-core-console-l1-1-0.dllJump to dropped file
Source: C:\Users\user\AppData\Roaming\Zoom\ZoomDownload\Installer.exeDropped PE file which has not been started: C:\Users\user\AppData\Roaming\Zoom\tmp_bin\api-ms-win-crt-stdio-l1-1-0.dllJump to dropped file
Source: C:\Users\user\AppData\Roaming\Zoom\ZoomDownload\Installer.exeDropped PE file which has not been started: C:\Users\user\AppData\Roaming\Zoom\tmp_bin\api-ms-win-core-synch-l1-2-0.dllJump to dropped file
Source: C:\Users\user\AppData\Roaming\Zoom\bin\Zoom.exeDropped PE file which has not been started: C:\Users\user\AppData\Roaming\Zoom\bin\swscale_zm-6.dllJump to dropped file
Source: C:\Users\user\AppData\Roaming\Zoom\ZoomDownload\Installer.exeDropped PE file which has not been started: C:\Users\user\AppData\Roaming\Zoom\zoom_install_src\ZoomOutlookIMPlugin.exeJump to dropped file
Source: C:\Users\user\AppData\Roaming\Zoom\ZoomDownload\Installer.exeDropped PE file which has not been started: C:\Users\user\AppData\Roaming\Zoom\tmp_bin\api-ms-win-core-interlocked-l1-1-0.dllJump to dropped file
Source: C:\Users\user\AppData\Roaming\Zoom\ZoomDownload\Installer.exeDropped PE file which has not been started: C:\Users\user\AppData\Roaming\Zoom\zoom_install_src\ssb_sdk.dllJump to dropped file
Source: C:\Users\user\AppData\Roaming\Zoom\ZoomDownload\Installer.exeDropped PE file which has not been started: C:\Users\user\AppData\Roaming\Zoom\tmp_bin\api-ms-win-core-processthreads-l1-1-0.dllJump to dropped file
Source: C:\Users\user\Downloads\Zoom_cm_fotiZ9vvrZo4_mJGohcJr5Wi4nh-+oH9qDAdNxPgV4bAl8sJE@Ya299Uo3BvkVZYb-_ke7c3d59090895be7_.exeDropped PE file which has not been started: C:\Users\user\AppData\Roaming\Zoom\ZoomDownload\Installer.exeJump to dropped file
Source: C:\Users\user\AppData\Roaming\Zoom\ZoomDownload\Installer.exeDropped PE file which has not been started: C:\Users\user\AppData\Roaming\Zoom\zoom_install_src\zPSApp.dllJump to dropped file
Source: C:\Users\user\AppData\Roaming\Zoom\bin\Zoom.exeDropped PE file which has not been started: C:\Users\user\AppData\Roaming\Zoom\bin\temp_psapp\avcodec_zm-59.dllJump to dropped file
Source: C:\Users\user\AppData\Roaming\Zoom\bin\Zoom.exeDropped PE file which has not been started: C:\Users\user\AppData\Roaming\Zoom\bin\language\zLang_id.dllJump to dropped file
Source: C:\Users\user\AppData\Roaming\Zoom\ZoomDownload\Installer.exeDropped PE file which has not been started: C:\Users\user\AppData\Roaming\Zoom\tmp_bin\api-ms-win-core-processenvironment-l1-1-0.dllJump to dropped file
Source: C:\Users\user\AppData\Roaming\Zoom\ZoomDownload\Installer.exeDropped PE file which has not been started: C:\Users\user\AppData\Roaming\Zoom\zoom_install_src\UIBase.dllJump to dropped file
Source: C:\Users\user\AppData\Roaming\Zoom\bin\Zoom.exeDropped PE file which has not been started: C:\Users\user\AppData\Roaming\Zoom\bin\language\zLang_jp.dllJump to dropped file
Source: C:\Users\user\AppData\Roaming\Zoom\ZoomDownload\Installer.exeDropped PE file which has not been started: C:\Users\user\AppData\Roaming\Zoom\tmp_bin\api-ms-win-core-sysinfo-l1-1-0.dllJump to dropped file
Source: C:\Users\user\AppData\Roaming\Zoom\ZoomDownload\Installer.exeDropped PE file which has not been started: C:\Users\user\AppData\Roaming\Zoom\zoom_install_src\zLooper.dllJump to dropped file
Source: C:\Users\user\AppData\Roaming\Zoom\bin\Zoom.exeDropped PE file which has not been started: C:\Users\user\AppData\Roaming\Zoom\bin\language\zLang_es.dllJump to dropped file
Source: C:\Users\user\AppData\Roaming\Zoom\ZoomDownload\Installer.exeDropped PE file which has not been started: C:\Users\user\AppData\Roaming\Zoom\zoom_install_src\tp.dllJump to dropped file
Source: C:\Users\user\AppData\Roaming\Zoom\ZoomDownload\Installer.exeDropped PE file which has not been started: C:\Users\user\AppData\Roaming\Zoom\zoom_install_src\reslib.dllJump to dropped file
Source: C:\Users\user\AppData\Roaming\Zoom\ZoomDownload\Installer.exeDropped PE file which has not been started: C:\Users\user\AppData\Roaming\Zoom\zoom_install_src\ZMDB.dllJump to dropped file
Source: C:\Users\user\AppData\Roaming\Zoom\ZoomDownload\Installer.exeDropped PE file which has not been started: C:\Users\user\AppData\Roaming\Zoom\tmp_bin\api-ms-win-crt-multibyte-l1-1-0.dllJump to dropped file
Source: C:\Users\user\AppData\Roaming\Zoom\bin\Zoom.exeDropped PE file which has not been started: C:\Users\user\AppData\Roaming\Zoom\bin\language\zLang_vi.dllJump to dropped file
Source: C:\Users\user\AppData\Roaming\Zoom\ZoomDownload\Installer.exeDropped PE file which has not been started: C:\Users\user\AppData\Roaming\Zoom\zoom_install_src\CptService.exeJump to dropped file
Source: C:\Users\user\AppData\Roaming\Zoom\ZoomDownload\Installer.exeDropped PE file which has not been started: C:\Users\user\AppData\Roaming\Zoom\tmp_bin\api-ms-win-core-rtlsupport-l1-1-0.dllJump to dropped file
Source: C:\Users\user\AppData\Roaming\Zoom\ZoomDownload\Installer.exeDropped PE file which has not been started: C:\Users\user\AppData\Roaming\Zoom\zoom_install_src\CptControl.exeJump to dropped file
Source: C:\Users\user\AppData\Roaming\Zoom\ZoomDownload\Installer.exeDropped PE file which has not been started: C:\Users\user\AppData\Roaming\Zoom\zoom_install_src\zWBUIRes.dllJump to dropped file
Source: C:\Users\user\AppData\Roaming\Zoom\ZoomDownload\Installer.exeDropped PE file which has not been started: C:\Users\user\AppData\Roaming\Zoom\tmp_bin\msvcp140_atomic_wait.dllJump to dropped file
Source: C:\Users\user\AppData\Roaming\Zoom\bin\Zoom.exeDropped PE file which has not been started: C:\Users\user\AppData\Roaming\Zoom\bin\zAppUISdk.dllJump to dropped file
Source: C:\Users\user\AppData\Roaming\Zoom\ZoomDownload\Installer.exeDropped PE file which has not been started: C:\Users\user\AppData\Roaming\Zoom\tmp_bin\api-ms-win-core-file-l2-1-0.dllJump to dropped file
Source: C:\Users\user\AppData\Roaming\Zoom\bin\Zoom.exeDropped PE file which has not been started: C:\Users\user\AppData\Roaming\Zoom\bin\language\zLang_zh_tw.dllJump to dropped file
Source: C:\Users\user\AppData\Roaming\Zoom\ZoomDownload\Installer.exeDropped PE file which has not been started: C:\Users\user\AppData\Roaming\Zoom\zoom_install_src\viper_async_device.dllJump to dropped file
Source: C:\Users\user\AppData\Roaming\Zoom\ZoomDownload\Installer.exeDropped PE file which has not been started: C:\Users\user\AppData\Roaming\Zoom\tmp_bin\api-ms-win-crt-conio-l1-1-0.dllJump to dropped file
Source: C:\Users\user\AppData\Roaming\Zoom\bin\Zoom.exeDropped PE file which has not been started: C:\Users\user\AppData\Roaming\Zoom\bin\zApp.dllJump to dropped file
Source: C:\Users\user\AppData\Roaming\Zoom\ZoomDownload\Installer.exeDropped PE file which has not been started: C:\Users\user\AppData\Roaming\Zoom\zoom_install_src\cares.dllJump to dropped file
Source: C:\Users\user\AppData\Roaming\Zoom\ZoomDownload\Installer.exeDropped PE file which has not been started: C:\Users\user\AppData\Roaming\Zoom\tmp_bin\api-ms-win-core-timezone-l1-1-0.dllJump to dropped file
Source: C:\Users\user\AppData\Roaming\Zoom\bin\Zoom.exeDropped PE file which has not been started: C:\Users\user\AppData\Roaming\Zoom\bin\language\zLang_de.dllJump to dropped file
Source: C:\Users\user\AppData\Roaming\Zoom\bin\Zoom.exeDropped PE file which has not been started: C:\Users\user\AppData\Roaming\Zoom\bin\language\zLang_pl.dllJump to dropped file
Source: C:\Users\user\AppData\Roaming\Zoom\ZoomDownload\Installer.exeDropped PE file which has not been started: C:\Users\user\AppData\Roaming\Zoom\tmp_bin\api-ms-win-crt-time-l1-1-0.dllJump to dropped file
Source: C:\Users\user\AppData\Roaming\Zoom\ZoomDownload\Installer.exeDropped PE file which has not been started: C:\Users\user\AppData\Roaming\Zoom\zoom_install_src\zMsgApp.dllJump to dropped file
Source: C:\Users\user\AppData\Roaming\Zoom\ZoomDownload\Installer.exeDropped PE file which has not been started: C:\Users\user\AppData\Roaming\Zoom\zoom_install_src\zBusinessUIComponent.dllJump to dropped file
Source: C:\Users\user\AppData\Roaming\Zoom\bin\Zoom.exeDropped PE file which has not been started: C:\Users\user\AppData\Roaming\Zoom\bin\avformat_zm-59.dllJump to dropped file
Source: C:\Users\user\AppData\Roaming\Zoom\ZoomDownload\Installer.exeDropped PE file which has not been started: C:\Users\user\AppData\Roaming\Zoom\zoom_install_src\zTscoder.exeJump to dropped file
Source: C:\Users\user\AppData\Roaming\Zoom\ZoomDownload\Installer.exeDropped PE file which has not been started: C:\Users\user\AppData\Roaming\Zoom\zoom_install_src\zPTApp.dllJump to dropped file
Source: C:\Users\user\AppData\Roaming\Zoom\ZoomDownload\Installer.exeDropped PE file which has not been started: C:\Users\user\AppData\Roaming\Zoom\zoom_install_src\XmppDll.dllJump to dropped file
Source: C:\Users\user\AppData\Roaming\Zoom\ZoomDownload\Installer.exeDropped PE file which has not been started: C:\Users\user\AppData\Roaming\Zoom\tmp_bin\api-ms-win-core-file-l1-2-0.dllJump to dropped file
Source: C:\Users\user\AppData\Roaming\Zoom\ZoomDownload\Installer.exeDropped PE file which has not been started: C:\Users\user\AppData\Roaming\Zoom\zoom_install_src\turbojpeg.dllJump to dropped file
Source: C:\Users\user\AppData\Roaming\Zoom\ZoomDownload\Installer.exeDropped PE file which has not been started: C:\Users\user\AppData\Roaming\Zoom\tmp_bin\api-ms-win-core-synch-l1-1-0.dllJump to dropped file
Source: C:\Users\user\AppData\Roaming\Zoom\bin\Zoom.exeDropped PE file which has not been started: C:\Users\user\AppData\Roaming\Zoom\bin\language\zLang_fr.dllJump to dropped file
Source: C:\Users\user\AppData\Roaming\Zoom\ZoomDownload\Installer.exeDropped PE file which has not been started: C:\Users\user\AppData\Roaming\Zoom\zoom_install_src\zWebService.dllJump to dropped file
Source: C:\Users\user\AppData\Roaming\Zoom\ZoomDownload\Installer.exeDropped PE file which has not been started: C:\Users\user\AppData\Roaming\Zoom\zoom_install_src\zoombase_crypto_shared.dllJump to dropped file
Source: C:\Users\user\AppData\Roaming\Zoom\ZoomDownload\Installer.exeDropped PE file which has not been started: C:\Users\user\AppData\Roaming\Zoom\zoom_install_src\nydus.dllJump to dropped file
Source: C:\Users\user\AppData\Roaming\Zoom\bin\Zoom.exe TID: 7632Thread sleep count: 654 > 30
Source: C:\Users\user\AppData\Roaming\Zoom\bin\Zoom.exe TID: 4404Thread sleep count: 2145 > 30
Source: C:\Users\user\AppData\Roaming\Zoom\bin\Zoom.exeWMI Queries: IWbemServices::ExecQuery - ROOT\CIMV2 : select * from Win32_BaseBoard
Source: C:\Users\user\AppData\Roaming\Zoom\bin\Zoom.exeWMI Queries: IWbemServices::ExecQuery - ROOT\CIMV2 : Select Manufacturer,Model,SystemType from Win32_ComputerSystem
Source: C:\Users\user\AppData\Roaming\Zoom\bin\Zoom.exeWMI Queries: IWbemServices::ExecQuery - ROOT\CIMV2 : Select Manufacturer,Model,SystemType from Win32_ComputerSystem
Source: C:\Users\user\AppData\Roaming\Zoom\bin\Zoom.exeWMI Queries: IWbemServices::ExecQuery - ROOT\CIMV2 : Select Manufacturer,Model,SystemType from Win32_ComputerSystem
Source: C:\Users\user\AppData\Roaming\Zoom\bin\Zoom.exeWMI Queries: IWbemServices::ExecQuery - ROOT\CIMV2 : SELECT * FROM Win32_ComputerSystem
Source: C:\Users\user\AppData\Roaming\Zoom\bin\Zoom.exeWMI Queries: IWbemServices::ExecQuery - ROOT\CIMV2 : Select Manufacturer,Model,SystemType from Win32_ComputerSystem
Source: C:\Users\user\AppData\Roaming\Zoom\bin\Zoom.exeWMI Queries: IWbemServices::ExecQuery - ROOT\CIMV2 : Select MaxClockSpeed,Manufacturer,Name,Version,Description,CurrentClockSpeed from Win32_Processor
Source: C:\Users\user\AppData\Roaming\Zoom\bin\Zoom.exeWMI Queries: IWbemServices::ExecQuery - ROOT\CIMV2 : Select MaxClockSpeed,Manufacturer,Name,Version,Description,CurrentClockSpeed from Win32_Processor
Source: C:\Users\user\AppData\Roaming\Zoom\bin\Zoom.exeWMI Queries: IWbemServices::ExecQuery - ROOT\CIMV2 : Select MaxClockSpeed,Manufacturer,Name,Version,Description,CurrentClockSpeed from Win32_Processor
Source: C:\Users\user\AppData\Roaming\Zoom\bin\Zoom.exeWMI Queries: IWbemServices::ExecQuery - ROOT\CIMV2 : Select MaxClockSpeed,Manufacturer,Name,Version,Description,CurrentClockSpeed from Win32_Processor
Source: C:\Users\user\AppData\Roaming\Zoom\ZoomDownload\Installer.exeFile opened: C:\Users\user
Source: C:\Users\user\AppData\Roaming\Zoom\ZoomDownload\Installer.exeFile opened: C:\Users\user\AppData\Roaming
Source: C:\Users\user\AppData\Roaming\Zoom\ZoomDownload\Installer.exeFile opened: C:\Users\user\AppData\Roaming\Zoom\uninstall\Installer.exe
Source: C:\Users\user\AppData\Roaming\Zoom\ZoomDownload\Installer.exeFile opened: C:\Users\user\AppData\Roaming\Zoom\uninstall
Source: C:\Users\user\AppData\Roaming\Zoom\ZoomDownload\Installer.exeFile opened: C:\Users\user\AppData\Roaming\Zoom
Source: C:\Users\user\AppData\Roaming\Zoom\ZoomDownload\Installer.exeFile opened: C:\Users\user\AppData
Source: C:\Users\user\Downloads\Zoom_cm_fotiZ9vvrZo4_mJGohcJr5Wi4nh-+oH9qDAdNxPgV4bAl8sJE@Ya299Uo3BvkVZYb-_ke7c3d59090895be7_.exeProcess information queried: ProcessInformation
Source: C:\Users\user\Downloads\Zoom_cm_fotiZ9vvrZo4_mJGohcJr5Wi4nh-+oH9qDAdNxPgV4bAl8sJE@Ya299Uo3BvkVZYb-_ke7c3d59090895be7_.exeProcess created: C:\Users\user\AppData\Roaming\Zoom\ZoomDownload\Installer.exe "C:\Users\user\AppData\Roaming\Zoom\ZoomDownload\Installer.exe" ZInstaller --conf.mode=silent --ipc_wnd=262910
Source: C:\Users\user\Downloads\Zoom_cm_fotiZ9vvrZo4_mJGohcJr5Wi4nh-+oH9qDAdNxPgV4bAl8sJE@Ya299Uo3BvkVZYb-_ke7c3d59090895be7_.exeProcess created: C:\Users\user\AppData\Roaming\Zoom\bin\Zoom.exe "C:\Users\user\AppData\Roaming\Zoom\bin\Zoom.exe" "--url=zoommtg://win.launch?h.domain=ubc.zoom.us&h.path=join&confid=dXNzPWNxa2x0dFJLV2NmVm95Rm9XRTIyWnpwaWo1dVpsZl9jVExhSUc0b2YwR1huZ2VOLUNhY21FdmtEaUt1Sks1SXBMMi1GZC05MnZobjVxUmoxaDhkT3gwbW9Ld1hGMEM5UzZSWXhpYmZxZ3pxSHRrQ25laUZlSXloaEZwRUJuT3A1VEtuZDlDSEJqeW0wRHhhS2pQUFR2U240ZEFmRFhyQUZfcVFycUEuTE9wZzF4dUZuN3ZtQUhfdyZ0aWQ9ZDg4NjA2OWJiZTU1NGMyNjlhMDA2NWMzOGUyNDRlNjA%3D&mcv=0.92.11227.0929&stype=0&zc=0&browser=chrome&action=join&confno=2243567901&pwd=ak1XbmprdFBUQnRZOWszWU91VHdyUT09"
Source: C:\Users\user\AppData\Roaming\Zoom\ZoomDownload\Installer.exeFile opened: Windows Firewall: C:\Windows\System32\FirewallAPI.dll
Source: C:\Users\user\AppData\Roaming\Zoom\ZoomDownload\Installer.exeFile opened: Windows Firewall: C:\Windows\System32\FirewallAPI.dll
Source: C:\Users\user\Downloads\Zoom_cm_fotiZ9vvrZo4_mJGohcJr5Wi4nh-+oH9qDAdNxPgV4bAl8sJE@Ya299Uo3BvkVZYb-_ke7c3d59090895be7_.exeProcess created: C:\Users\user\AppData\Roaming\Zoom\bin\Zoom.exe "c:\users\user\appdata\roaming\zoom\bin\zoom.exe" "--url=zoommtg://win.launch?h.domain=ubc.zoom.us&h.path=join&confid=dxnzpwnxa2x0dfjlv2nmvm95rm9xrtiywnpwawo1dvpszl9jvexhsuc0b2ywr1huz2volunhy21fdmteaut1sks1sxbmmi1gzc05mnzobjvxumoxadhkt3gwbw9ld1hgmem5uzzswxhpymzxz3pxshrrq25lauzlsxloaezwrujut3a1vetuzdldsejqew0wrhhhs2pqufr2u240zefmrfhyquzfcvfycueute9wzzf4duzun3ztquhfdyz0awq9zdg4nja2owjiztu1ngmynjlhmda2nwmzoguyndrlnja%3d&mcv=0.92.11227.0929&stype=0&zc=0&browser=chrome&action=join&confno=2243567901&pwd=ak1xbmprdfbuqnrzowszwu91vhdyut09"
Source: C:\Users\user\Downloads\Zoom_cm_fotiZ9vvrZo4_mJGohcJr5Wi4nh-+oH9qDAdNxPgV4bAl8sJE@Ya299Uo3BvkVZYb-_ke7c3d59090895be7_.exeProcess created: C:\Users\user\AppData\Roaming\Zoom\bin\Zoom.exe "c:\users\user\appdata\roaming\zoom\bin\zoom.exe" "--url=zoommtg://win.launch?h.domain=ubc.zoom.us&h.path=join&confid=dxnzpwnxa2x0dfjlv2nmvm95rm9xrtiywnpwawo1dvpszl9jvexhsuc0b2ywr1huz2volunhy21fdmteaut1sks1sxbmmi1gzc05mnzobjvxumoxadhkt3gwbw9ld1hgmem5uzzswxhpymzxz3pxshrrq25lauzlsxloaezwrujut3a1vetuzdldsejqew0wrhhhs2pqufr2u240zefmrfhyquzfcvfycueute9wzzf4duzun3ztquhfdyz0awq9zdg4nja2owjiztu1ngmynjlhmda2nwmzoguyndrlnja%3d&mcv=0.92.11227.0929&stype=0&zc=0&browser=chrome&action=join&confno=2243567901&pwd=ak1xbmprdfbuqnrzowszwu91vhdyut09"
Source: C:\Windows\System32\notepad.exeQueries volume information: C:\Users\user\Downloads\zopener_8a4800ea0a3f43f4bafd7706c1a4e7ee.log VolumeInformation
Source: C:\Users\user\AppData\Roaming\Zoom\ZoomDownload\Installer.exeQueries volume information: C:\ VolumeInformation
Source: C:\Users\user\AppData\Roaming\Zoom\ZoomDownload\Installer.exeQueries volume information: C:\ VolumeInformation
Source: C:\Users\user\AppData\Roaming\Zoom\bin\Zoom.exeQueries volume information: C:\Windows\Fonts\bahnschrift.ttf VolumeInformation
Source: C:\Users\user\AppData\Roaming\Zoom\bin\Zoom.exeQueries volume information: C:\Windows\Fonts\bahnschrift.ttf VolumeInformation
Source: C:\Users\user\AppData\Roaming\Zoom\bin\Zoom.exeQueries volume information: C:\Windows\Fonts\cambria.ttc VolumeInformation
Source: C:\Users\user\AppData\Roaming\Zoom\bin\Zoom.exeQueries volume information: C:\Windows\Fonts\cambriai.ttf VolumeInformation
Source: C:\Users\user\AppData\Roaming\Zoom\bin\Zoom.exeQueries volume information: C:\Windows\Fonts\cambriab.ttf VolumeInformation
Source: C:\Users\user\AppData\Roaming\Zoom\bin\Zoom.exeQueries volume information: C:\Windows\Fonts\cambriaz.ttf VolumeInformation
Source: C:\Users\user\AppData\Roaming\Zoom\bin\Zoom.exeQueries volume information: C:\Windows\Fonts\Candara.ttf VolumeInformation
Source: C:\Users\user\AppData\Roaming\Zoom\bin\Zoom.exeQueries volume information: C:\Windows\Fonts\Candaral.ttf VolumeInformation
Source: C:\Users\user\AppData\Roaming\Zoom\bin\Zoom.exeQueries volume information: C:\Windows\Fonts\Candarai.ttf VolumeInformation
Source: C:\Users\user\AppData\Roaming\Zoom\bin\Zoom.exeQueries volume information: C:\Windows\Fonts\Candarali.ttf VolumeInformation
Source: C:\Users\user\AppData\Roaming\Zoom\bin\Zoom.exeQueries volume information: C:\Windows\Fonts\Candarab.ttf VolumeInformation
Source: C:\Users\user\AppData\Roaming\Zoom\bin\Zoom.exeQueries volume information: C:\Windows\Fonts\Candaraz.ttf VolumeInformation
Source: C:\Users\user\AppData\Roaming\Zoom\bin\Zoom.exeQueries volume information: C:\Windows\Fonts\comic.ttf VolumeInformation
Source: C:\Users\user\AppData\Roaming\Zoom\bin\Zoom.exeQueries volume information: C:\Windows\Fonts\comici.ttf VolumeInformation
Source: C:\Users\user\AppData\Roaming\Zoom\bin\Zoom.exeQueries volume information: C:\Windows\Fonts\comicbd.ttf VolumeInformation
Source: C:\Users\user\AppData\Roaming\Zoom\bin\Zoom.exeQueries volume information: C:\Windows\Fonts\comicz.ttf VolumeInformation
Source: C:\Users\user\AppData\Roaming\Zoom\bin\Zoom.exeQueries volume information: C:\Windows\Fonts\constan.ttf VolumeInformation
Source: C:\Users\user\AppData\Roaming\Zoom\bin\Zoom.exeQueries volume information: C:\Windows\Fonts\constani.ttf VolumeInformation
Source: C:\Users\user\AppData\Roaming\Zoom\bin\Zoom.exeQueries volume information: C:\Windows\Fonts\constanb.ttf VolumeInformation
Source: C:\Users\user\AppData\Roaming\Zoom\bin\Zoom.exeQueries volume information: C:\Windows\Fonts\constanz.ttf VolumeInformation
Source: C:\Users\user\AppData\Roaming\Zoom\bin\Zoom.exeQueries volume information: C:\Windows\Fonts\corbel.ttf VolumeInformation
Source: C:\Users\user\AppData\Roaming\Zoom\bin\Zoom.exeQueries volume information: C:\Windows\Fonts\corbell.ttf VolumeInformation
Source: C:\Users\user\AppData\Roaming\Zoom\bin\Zoom.exeQueries volume information: C:\Windows\Fonts\corbeli.ttf VolumeInformation
Source: C:\Users\user\AppData\Roaming\Zoom\bin\Zoom.exeQueries volume information: C:\Windows\Fonts\corbelli.ttf VolumeInformation
Source: C:\Users\user\AppData\Roaming\Zoom\bin\Zoom.exeQueries volume information: C:\Windows\Fonts\corbelb.ttf VolumeInformation
Source: C:\Users\user\AppData\Roaming\Zoom\bin\Zoom.exeQueries volume information: C:\Windows\Fonts\corbelz.ttf VolumeInformation
Source: C:\Users\user\AppData\Roaming\Zoom\bin\Zoom.exeQueries volume information: C:\Windows\Fonts\cour.ttf VolumeInformation
Source: C:\Users\user\AppData\Roaming\Zoom\bin\Zoom.exeQueries volume information: C:\Windows\Fonts\couri.ttf VolumeInformation
Source: C:\Users\user\AppData\Roaming\Zoom\bin\Zoom.exeQueries volume information: C:\Windows\Fonts\courbd.ttf VolumeInformation
Source: C:\Users\user\AppData\Roaming\Zoom\bin\Zoom.exeQueries volume information: C:\Windows\Fonts\courbi.ttf VolumeInformation
Source: C:\Users\user\AppData\Roaming\Zoom\bin\Zoom.exeQueries volume information: C:\Windows\Fonts\ebrima.ttf VolumeInformation
Source: C:\Users\user\AppData\Roaming\Zoom\bin\Zoom.exeQueries volume information: C:\Windows\Fonts\ebrimabd.ttf VolumeInformation
Source: C:\Users\user\AppData\Roaming\Zoom\bin\Zoom.exeQueries volume information: C:\Windows\Fonts\Gabriola.ttf VolumeInformation
Source: C:\Users\user\AppData\Roaming\Zoom\bin\Zoom.exeQueries volume information: C:\Windows\Fonts\gadugi.ttf VolumeInformation
Source: C:\Users\user\AppData\Roaming\Zoom\bin\Zoom.exeQueries volume information: C:\Windows\Fonts\gadugib.ttf VolumeInformation
Source: C:\Users\user\AppData\Roaming\Zoom\bin\Zoom.exeQueries volume information: C:\Windows\Fonts\georgia.ttf VolumeInformation
Source: C:\Users\user\AppData\Roaming\Zoom\bin\Zoom.exeQueries volume information: C:\Windows\Fonts\georgiai.ttf VolumeInformation
Source: C:\Users\user\AppData\Roaming\Zoom\bin\Zoom.exeQueries volume information: C:\Windows\Fonts\georgiab.ttf VolumeInformation
Source: C:\Users\user\AppData\Roaming\Zoom\bin\Zoom.exeQueries volume information: C:\Windows\Fonts\georgiaz.ttf VolumeInformation
Source: C:\Users\user\AppData\Roaming\Zoom\bin\Zoom.exeQueries volume information: C:\Windows\Fonts\impact.ttf VolumeInformation
Source: C:\Users\user\AppData\Roaming\Zoom\bin\Zoom.exeQueries volume information: C:\Windows\Fonts\Inkfree.ttf VolumeInformation
Source: C:\Users\user\AppData\Roaming\Zoom\bin\Zoom.exeQueries volume information: C:\Windows\Fonts\javatext.ttf VolumeInformation
Source: C:\Users\user\AppData\Roaming\Zoom\bin\Zoom.exeQueries volume information: C:\Windows\Fonts\LeelawUI.ttf VolumeInformation
Source: C:\Users\user\AppData\Roaming\Zoom\bin\Zoom.exeQueries volume information: C:\Windows\Fonts\LeelUIsl.ttf VolumeInformation
Source: C:\Users\user\AppData\Roaming\Zoom\bin\Zoom.exeQueries volume information: C:\Windows\Fonts\LeelaUIb.ttf VolumeInformation
Source: C:\Users\user\AppData\Roaming\Zoom\bin\Zoom.exeQueries volume information: C:\Windows\Fonts\lucon.ttf VolumeInformation
Source: C:\Users\user\AppData\Roaming\Zoom\bin\Zoom.exeQueries volume information: C:\Windows\Fonts\l_10646.ttf VolumeInformation
Source: C:\Users\user\AppData\Roaming\Zoom\bin\Zoom.exeQueries volume information: C:\Windows\Fonts\malgun.ttf VolumeInformation
Source: C:\Users\user\AppData\Roaming\Zoom\bin\Zoom.exeQueries volume information: C:\Windows\Fonts\malgunsl.ttf VolumeInformation
Source: C:\Users\user\AppData\Roaming\Zoom\bin\Zoom.exeQueries volume information: C:\Windows\Fonts\malgunbd.ttf VolumeInformation
Source: C:\Users\user\AppData\Roaming\Zoom\bin\Zoom.exeQueries volume information: C:\Windows\Fonts\himalaya.ttf VolumeInformation
Source: C:\Users\user\AppData\Roaming\Zoom\bin\Zoom.exeQueries volume information: C:\Windows\Fonts\msjh.ttc VolumeInformation
Source: C:\Users\user\AppData\Roaming\Zoom\bin\Zoom.exeQueries volume information: C:\Windows\Fonts\msjhl.ttc VolumeInformation
Source: C:\Users\user\AppData\Roaming\Zoom\bin\Zoom.exeQueries volume information: C:\Windows\Fonts\msjhbd.ttc VolumeInformation
Source: C:\Users\user\AppData\Roaming\Zoom\bin\Zoom.exeQueries volume information: C:\Windows\Fonts\msjh.ttc VolumeInformation
Source: C:\Users\user\AppData\Roaming\Zoom\bin\Zoom.exeQueries volume information: C:\Windows\Fonts\msjhbd.ttc VolumeInformation
Source: C:\Users\user\AppData\Roaming\Zoom\bin\Zoom.exeQueries volume information: C:\Windows\Fonts\ntailu.ttf VolumeInformation
Source: C:\Users\user\AppData\Roaming\Zoom\bin\Zoom.exeQueries volume information: C:\Windows\Fonts\ntailub.ttf VolumeInformation
Source: C:\Users\user\AppData\Roaming\Zoom\bin\Zoom.exeQueries volume information: C:\Windows\Fonts\phagspa.ttf VolumeInformation
Source: C:\Users\user\AppData\Roaming\Zoom\bin\Zoom.exeQueries volume information: C:\Windows\Fonts\phagspab.ttf VolumeInformation
Source: C:\Users\user\AppData\Roaming\Zoom\bin\Zoom.exeQueries volume information: C:\Windows\Fonts\micross.ttf VolumeInformation
Source: C:\Users\user\AppData\Roaming\Zoom\bin\Zoom.exeQueries volume information: C:\Windows\Fonts\taile.ttf VolumeInformation
Source: C:\Users\user\AppData\Roaming\Zoom\bin\Zoom.exeQueries volume information: C:\Windows\Fonts\taileb.ttf VolumeInformation
Source: C:\Users\user\AppData\Roaming\Zoom\bin\Zoom.exeQueries volume information: C:\Windows\Fonts\msyh.ttc VolumeInformation
Source: C:\Users\user\AppData\Roaming\Zoom\bin\Zoom.exeQueries volume information: C:\Windows\Fonts\msyhl.ttc VolumeInformation
Source: C:\Users\user\AppData\Roaming\Zoom\bin\Zoom.exeQueries volume information: C:\Windows\Fonts\msyhbd.ttc VolumeInformation
Source: C:\Users\user\AppData\Roaming\Zoom\bin\Zoom.exeQueries volume information: C:\Windows\Fonts\msyh.ttc VolumeInformation
Source: C:\Users\user\AppData\Roaming\Zoom\bin\Zoom.exeQueries volume information: C:\Windows\Fonts\msyi.ttf VolumeInformation
Source: C:\Users\user\AppData\Roaming\Zoom\bin\Zoom.exeQueries volume information: C:\Windows\Fonts\mingliub.ttc VolumeInformation
Source: C:\Users\user\AppData\Roaming\Zoom\bin\Zoom.exeQueries volume information: C:\Windows\Fonts\mingliub.ttc VolumeInformation
Source: C:\Users\user\AppData\Roaming\Zoom\bin\Zoom.exeQueries volume information: C:\Windows\Fonts\mingliub.ttc VolumeInformation
Source: C:\Users\user\AppData\Roaming\Zoom\bin\Zoom.exeQueries volume information: C:\Windows\Fonts\monbaiti.ttf VolumeInformation
Source: C:\Users\user\AppData\Roaming\Zoom\bin\Zoom.exeQueries volume information: C:\Windows\Fonts\msgothic.ttc VolumeInformation
Source: C:\Users\user\AppData\Roaming\Zoom\bin\Zoom.exeQueries volume information: C:\Windows\Fonts\msgothic.ttc VolumeInformation
Source: C:\Users\user\AppData\Roaming\Zoom\bin\Zoom.exeQueries volume information: C:\Windows\Fonts\mvboli.ttf VolumeInformation
Source: C:\Users\user\AppData\Roaming\Zoom\bin\Zoom.exeQueries volume information: C:\Windows\Fonts\mmrtext.ttf VolumeInformation
Source: C:\Users\user\AppData\Roaming\Zoom\bin\Zoom.exeQueries volume information: C:\Windows\Fonts\mmrtextb.ttf VolumeInformation
Source: C:\Users\user\AppData\Roaming\Zoom\bin\Zoom.exeQueries volume information: C:\Windows\Fonts\Nirmala.ttf VolumeInformation
Source: C:\Users\user\AppData\Roaming\Zoom\bin\Zoom.exeQueries volume information: C:\Windows\Fonts\NirmalaS.ttf VolumeInformation
Source: C:\Users\user\AppData\Roaming\Zoom\bin\Zoom.exeQueries volume information: C:\Windows\Fonts\NirmalaB.ttf VolumeInformation
Source: C:\Users\user\AppData\Roaming\Zoom\bin\Zoom.exeQueries volume information: C:\Windows\Fonts\pala.ttf VolumeInformation
Source: C:\Users\user\AppData\Roaming\Zoom\bin\Zoom.exeQueries volume information: C:\Windows\Fonts\palai.ttf VolumeInformation
Source: C:\Users\user\AppData\Roaming\Zoom\bin\Zoom.exeQueries volume information: C:\Windows\Fonts\palab.ttf VolumeInformation
Source: C:\Users\user\AppData\Roaming\Zoom\bin\Zoom.exeQueries volume information: C:\Windows\Fonts\palabi.ttf VolumeInformation
Source: C:\Users\user\AppData\Roaming\Zoom\bin\Zoom.exeQueries volume information: C:\Windows\Fonts\segoepr.ttf VolumeInformation
Source: C:\Users\user\AppData\Roaming\Zoom\bin\Zoom.exeQueries volume information: C:\Windows\Fonts\segoeprb.ttf VolumeInformation
Source: C:\Users\user\AppData\Roaming\Zoom\bin\Zoom.exeQueries volume information: C:\Windows\Fonts\segoesc.ttf VolumeInformation
Source: C:\Users\user\AppData\Roaming\Zoom\bin\Zoom.exeQueries volume information: C:\Windows\Fonts\segoescb.ttf VolumeInformation
Source: C:\Users\user\AppData\Roaming\Zoom\bin\Zoom.exeQueries volume information: C:\Windows\Fonts\seguihis.ttf VolumeInformation
Source: C:\Users\user\AppData\Roaming\Zoom\bin\Zoom.exeQueries volume information: C:\Windows\Fonts\seguisym.ttf VolumeInformation
Source: C:\Users\user\AppData\Roaming\Zoom\bin\Zoom.exeQueries volume information: C:\Windows\Fonts\simsun.ttc VolumeInformation
Source: C:\Users\user\AppData\Roaming\Zoom\bin\Zoom.exeQueries volume information: C:\Windows\Fonts\simsunb.ttf VolumeInformation
Source: C:\Users\user\AppData\Roaming\Zoom\bin\Zoom.exeQueries volume information: C:\Windows\Fonts\Sitka.ttc VolumeInformation
Source: C:\Users\user\AppData\Roaming\Zoom\bin\Zoom.exeQueries volume information: C:\Windows\Fonts\SitkaI.ttc VolumeInformation
Source: C:\Users\user\AppData\Roaming\Zoom\bin\Zoom.exeQueries volume information: C:\Windows\Fonts\SitkaB.ttc VolumeInformation
Source: C:\Users\user\AppData\Roaming\Zoom\bin\Zoom.exeQueries volume information: C:\Windows\Fonts\SitkaZ.ttc VolumeInformation
Source: C:\Users\user\AppData\Roaming\Zoom\bin\Zoom.exeQueries volume information: C:\Windows\Fonts\Sitka.ttc VolumeInformation
Source: C:\Users\user\AppData\Roaming\Zoom\bin\Zoom.exeQueries volume information: C:\Windows\Fonts\SitkaB.ttc VolumeInformation
Source: C:\Users\user\AppData\Roaming\Zoom\bin\Zoom.exeQueries volume information: C:\Windows\Fonts\SitkaB.ttc VolumeInformation
Source: C:\Users\user\AppData\Roaming\Zoom\bin\Zoom.exeQueries volume information: C:\Windows\Fonts\SitkaZ.ttc VolumeInformation
Source: C:\Users\user\AppData\Roaming\Zoom\bin\Zoom.exeQueries volume information: C:\Windows\Fonts\SitkaB.ttc VolumeInformation
Source: C:\Users\user\AppData\Roaming\Zoom\bin\Zoom.exeQueries volume information: C:\Windows\Fonts\SitkaZ.ttc VolumeInformation
Source: C:\Users\user\AppData\Roaming\Zoom\bin\Zoom.exeQueries volume information: C:\Windows\Fonts\Sitka.ttc VolumeInformation
Source: C:\Users\user\AppData\Roaming\Zoom\bin\Zoom.exeQueries volume information: C:\Windows\Fonts\SitkaB.ttc VolumeInformation
Source: C:\Users\user\AppData\Roaming\Zoom\bin\Zoom.exeQueries volume information: C:\Windows\Fonts\SitkaI.ttc VolumeInformation
Source: C:\Users\user\AppData\Roaming\Zoom\bin\Zoom.exeQueries volume information: C:\Windows\Fonts\SitkaB.ttc VolumeInformation
Source: C:\Users\user\AppData\Roaming\Zoom\bin\Zoom.exeQueries volume information: C:\Windows\Fonts\sylfaen.ttf VolumeInformation
Source: C:\Users\user\AppData\Roaming\Zoom\bin\Zoom.exeQueries volume information: C:\Windows\Fonts\symbol.ttf VolumeInformation
Source: C:\Users\user\AppData\Roaming\Zoom\bin\Zoom.exeQueries volume information: C:\Windows\Fonts\trebuc.ttf VolumeInformation
Source: C:\Users\user\AppData\Roaming\Zoom\bin\Zoom.exeQueries volume information: C:\Windows\Fonts\trebucit.ttf VolumeInformation
Source: C:\Users\user\AppData\Roaming\Zoom\bin\Zoom.exeQueries volume information: C:\Windows\Fonts\trebucbd.ttf VolumeInformation
Source: C:\Users\user\AppData\Roaming\Zoom\bin\Zoom.exeQueries volume information: C:\Windows\Fonts\trebucbi.ttf VolumeInformation
Source: C:\Users\user\AppData\Roaming\Zoom\bin\Zoom.exeQueries volume information: C:\Windows\Fonts\verdana.ttf VolumeInformation
Source: C:\Users\user\AppData\Roaming\Zoom\bin\Zoom.exeQueries volume information: C:\Windows\Fonts\verdanai.ttf VolumeInformation
Source: C:\Users\user\AppData\Roaming\Zoom\bin\Zoom.exeQueries volume information: C:\Windows\Fonts\verdanab.ttf VolumeInformation
Source: C:\Users\user\AppData\Roaming\Zoom\bin\Zoom.exeQueries volume information: C:\Windows\Fonts\verdanaz.ttf VolumeInformation
Source: C:\Users\user\AppData\Roaming\Zoom\bin\Zoom.exeQueries volume information: C:\Windows\Fonts\webdings.ttf VolumeInformation
Source: C:\Users\user\AppData\Roaming\Zoom\bin\Zoom.exeQueries volume information: C:\Windows\Fonts\wingding.ttf VolumeInformation
Source: C:\Users\user\AppData\Roaming\Zoom\bin\Zoom.exeQueries volume information: C:\Windows\Fonts\YuGothR.ttc VolumeInformation
Source: C:\Users\user\AppData\Roaming\Zoom\bin\Zoom.exeQueries volume information: C:\Windows\Fonts\YuGothM.ttc VolumeInformation
Source: C:\Users\user\AppData\Roaming\Zoom\bin\Zoom.exeQueries volume information: C:\Windows\Fonts\YuGothL.ttc VolumeInformation
Source: C:\Users\user\AppData\Roaming\Zoom\bin\Zoom.exeQueries volume information: C:\Windows\Fonts\YuGothB.ttc VolumeInformation
Source: C:\Users\user\AppData\Roaming\Zoom\bin\Zoom.exeQueries volume information: C:\Windows\Fonts\YuGothM.ttc VolumeInformation
Source: C:\Users\user\AppData\Roaming\Zoom\bin\Zoom.exeQueries volume information: C:\Windows\Fonts\YuGothR.ttc VolumeInformation
Source: C:\Users\user\AppData\Roaming\Zoom\bin\Zoom.exeQueries volume information: C:\Windows\Fonts\holomdl2.ttf VolumeInformation
Source: C:\Users\user\AppData\Roaming\Zoom\bin\Zoom.exeQueries volume information: C:\Windows\Fonts\ALGER.TTF VolumeInformation
Source: C:\Users\user\AppData\Roaming\Zoom\bin\Zoom.exeQueries volume information: C:\Windows\Fonts\BKANT.TTF VolumeInformation
Source: C:\Users\user\AppData\Roaming\Zoom\bin\Zoom.exeQueries volume information: C:\Windows\Fonts\ANTQUAI.TTF VolumeInformation
Source: C:\Users\user\AppData\Roaming\Zoom\bin\Zoom.exeQueries volume information: C:\Windows\Fonts\ANTQUAB.TTF VolumeInformation
Source: C:\Users\user\AppData\Roaming\Zoom\bin\Zoom.exeQueries volume information: C:\Windows\Fonts\ANTQUABI.TTF VolumeInformation
Source: C:\Users\user\AppData\Roaming\Zoom\bin\Zoom.exeQueries volume information: C:\Windows\Fonts\ARLRDBD.TTF VolumeInformation
Source: C:\Users\user\AppData\Roaming\Zoom\bin\Zoom.exeQueries volume information: C:\Windows\Fonts\BASKVILL.TTF VolumeInformation
Source: C:\Users\user\AppData\Roaming\Zoom\bin\Zoom.exeQueries volume information: C:\Windows\Fonts\BAUHS93.TTF VolumeInformation
Source: C:\Users\user\AppData\Roaming\Zoom\bin\Zoom.exeQueries volume information: C:\Windows\Fonts\BELL.TTF VolumeInformation
Source: C:\Users\user\AppData\Roaming\Zoom\bin\Zoom.exeQueries volume information: C:\Windows\Fonts\BELLI.TTF VolumeInformation
Source: C:\Users\user\AppData\Roaming\Zoom\bin\Zoom.exeQueries volume information: C:\Windows\Fonts\BELLB.TTF VolumeInformation
Source: C:\Users\user\AppData\Roaming\Zoom\bin\Zoom.exeQueries volume information: C:\Windows\Fonts\BERNHC.TTF VolumeInformation
Source: C:\Users\user\AppData\Roaming\Zoom\bin\Zoom.exeQueries volume information: C:\Windows\Fonts\BOD_R.TTF VolumeInformation
Source: C:\Users\user\AppData\Roaming\Zoom\bin\Zoom.exeQueries volume information: C:\Windows\Fonts\BOD_I.TTF VolumeInformation
Source: C:\Users\user\AppData\Roaming\Zoom\bin\Zoom.exeQueries volume information: C:\Windows\Fonts\BOD_B.TTF VolumeInformation
Source: C:\Users\user\AppData\Roaming\Zoom\bin\Zoom.exeQueries volume information: C:\Windows\Fonts\BOD_BI.TTF VolumeInformation
Source: C:\Users\user\AppData\Roaming\Zoom\bin\Zoom.exeQueries volume information: C:\Windows\Fonts\BOD_CR.TTF VolumeInformation
Source: C:\Users\user\AppData\Roaming\Zoom\bin\Zoom.exeQueries volume information: C:\Windows\Fonts\BOD_BLAR.TTF VolumeInformation
Source: C:\Users\user\AppData\Roaming\Zoom\bin\Zoom.exeQueries volume information: C:\Windows\Fonts\BOD_CI.TTF VolumeInformation
Source: C:\Users\user\AppData\Roaming\Zoom\bin\Zoom.exeQueries volume information: C:\Windows\Fonts\BOD_CB.TTF VolumeInformation
Source: C:\Users\user\AppData\Roaming\Zoom\bin\Zoom.exeQueries volume information: C:\Windows\Fonts\BOD_BLAI.TTF VolumeInformation
Source: C:\Users\user\AppData\Roaming\Zoom\bin\Zoom.exeQueries volume information: C:\Windows\Fonts\BOD_CBI.TTF VolumeInformation
Source: C:\Users\user\AppData\Roaming\Zoom\bin\Zoom.exeQueries volume information: C:\Windows\Fonts\BOD_PSTC.TTF VolumeInformation
Source: C:\Users\user\AppData\Roaming\Zoom\bin\Zoom.exeQueries volume information: C:\Windows\Fonts\BOOKOS.TTF VolumeInformation
Source: C:\Users\user\AppData\Roaming\Zoom\bin\Zoom.exeQueries volume information: C:\Windows\Fonts\BOOKOSB.TTF VolumeInformation
Source: C:\Users\user\AppData\Roaming\Zoom\bin\Zoom.exeQueries volume information: C:\Windows\Fonts\BOOKOSI.TTF VolumeInformation
Source: C:\Users\user\AppData\Roaming\Zoom\bin\Zoom.exeQueries volume information: C:\Windows\Fonts\BOOKOSBI.TTF VolumeInformation
Source: C:\Users\user\AppData\Roaming\Zoom\bin\Zoom.exeQueries volume information: C:\Windows\Fonts\BRADHITC.TTF VolumeInformation
Source: C:\Users\user\AppData\Roaming\Zoom\bin\Zoom.exeQueries volume information: C:\Windows\Fonts\BRITANIC.TTF VolumeInformation
Source: C:\Users\user\AppData\Roaming\Zoom\bin\Zoom.exeQueries volume information: C:\Windows\Fonts\BRLNSDB.TTF VolumeInformation
Source: C:\Users\user\AppData\Roaming\Zoom\bin\Zoom.exeQueries volume information: C:\Windows\Fonts\BRLNSB.TTF VolumeInformation
Source: C:\Users\user\AppData\Roaming\Zoom\bin\Zoom.exeQueries volume information: C:\Windows\Fonts\BROADW.TTF VolumeInformation
Source: C:\Users\user\AppData\Roaming\Zoom\bin\Zoom.exeQueries volume information: C:\Windows\Fonts\BRUSHSCI.TTF VolumeInformation
Source: C:\Users\user\AppData\Roaming\Zoom\bin\Zoom.exeQueries volume information: C:\Windows\Fonts\BSSYM7.TTF VolumeInformation
Source: C:\Users\user\AppData\Roaming\Zoom\bin\Zoom.exeQueries volume information: C:\Windows\Fonts\userFR.TTF VolumeInformation
Source: C:\Users\user\AppData\Roaming\Zoom\bin\Zoom.exeQueries volume information: C:\Windows\Fonts\userFI.TTF VolumeInformation
Source: C:\Users\user\AppData\Roaming\Zoom\bin\Zoom.exeQueries volume information: C:\Windows\Fonts\userFB.TTF VolumeInformation
Source: C:\Users\user\AppData\Roaming\Zoom\bin\Zoom.exeQueries volume information: C:\Windows\Fonts\userST.TTF VolumeInformation
Source: C:\Users\user\AppData\Roaming\Zoom\bin\Zoom.exeQueries volume information: C:\Windows\Fonts\userSTI.TTF VolumeInformation
Source: C:\Users\user\AppData\Roaming\Zoom\bin\Zoom.exeQueries volume information: C:\Windows\Fonts\userSTB.TTF VolumeInformation
Source: C:\Users\user\AppData\Roaming\Zoom\bin\Zoom.exeQueries volume information: C:\Windows\Fonts\userSTBI.TTF VolumeInformation
Source: C:\Users\user\AppData\Roaming\Zoom\bin\Zoom.exeQueries volume information: C:\Windows\Fonts\CASTELAR.TTF VolumeInformation
Source: C:\Users\user\AppData\Roaming\Zoom\bin\Zoom.exeQueries volume information: C:\Windows\Fonts\CENSCBK.TTF VolumeInformation
Source: C:\Users\user\AppData\Roaming\Zoom\bin\Zoom.exeQueries volume information: C:\Windows\Fonts\SCHLBKI.TTF VolumeInformation
Source: C:\Users\user\AppData\Roaming\Zoom\bin\Zoom.exeQueries volume information: C:\Windows\Fonts\SCHLBKB.TTF VolumeInformation
Source: C:\Users\user\AppData\Roaming\Zoom\bin\Zoom.exeQueries volume information: C:\Windows\Fonts\SCHLBKBI.TTF VolumeInformation
Source: C:\Users\user\AppData\Roaming\Zoom\bin\Zoom.exeQueries volume information: C:\Windows\Fonts\CENTAUR.TTF VolumeInformation
Source: C:\Users\user\AppData\Roaming\Zoom\bin\Zoom.exeQueries volume information: C:\Windows\Fonts\CHILLER.TTF VolumeInformation
Source: C:\Users\user\AppData\Roaming\Zoom\bin\Zoom.exeQueries volume information: C:\Windows\Fonts\COLONNA.TTF VolumeInformation
Source: C:\Users\user\AppData\Roaming\Zoom\bin\Zoom.exeQueries volume information: C:\Windows\Fonts\COOPBL.TTF VolumeInformation
Source: C:\Users\user\AppData\Roaming\Zoom\bin\Zoom.exeQueries volume information: C:\Windows\Fonts\COPRGTL.TTF VolumeInformation
Source: C:\Users\user\AppData\Roaming\Zoom\bin\Zoom.exeQueries volume information: C:\Windows\Fonts\COPRGTB.TTF VolumeInformation
Source: C:\Users\user\AppData\Roaming\Zoom\bin\Zoom.exeQueries volume information: C:\Windows\Fonts\CURLZ___.TTF VolumeInformation
Source: C:\Users\user\AppData\Roaming\Zoom\bin\Zoom.exeQueries volume information: C:\Windows\Fonts\DUBAI-REGULAR.TTF VolumeInformation
Source: C:\Users\user\AppData\Roaming\Zoom\bin\Zoom.exeQueries volume information: C:\Windows\Fonts\DUBAI-MEDIUM.TTF VolumeInformation
Source: C:\Users\user\AppData\Roaming\Zoom\bin\Zoom.exeQueries volume information: C:\Windows\Fonts\DUBAI-LIGHT.TTF VolumeInformation
Source: C:\Users\user\AppData\Roaming\Zoom\bin\Zoom.exeQueries volume information: C:\Windows\Fonts\DUBAI-BOLD.TTF VolumeInformation
Source: C:\Users\user\AppData\Roaming\Zoom\bin\Zoom.exeQueries volume information: C:\Windows\Fonts\ELEPHNT.TTF VolumeInformation
Source: C:\Users\user\AppData\Roaming\Zoom\bin\Zoom.exeQueries volume information: C:\Windows\Fonts\ELEPHNTI.TTF VolumeInformation
Source: C:\Users\user\AppData\Roaming\Zoom\bin\Zoom.exeQueries volume information: C:\Windows\Fonts\ENGR.TTF VolumeInformation
Source: C:\Users\user\AppData\Roaming\Zoom\bin\Zoom.exeQueries volume information: C:\Windows\Fonts\ERASMD.TTF VolumeInformation
Source: C:\Users\user\AppData\Roaming\Zoom\bin\Zoom.exeQueries volume information: C:\Windows\Fonts\ERASLGHT.TTF VolumeInformation
Source: C:\Users\user\AppData\Roaming\Zoom\bin\Zoom.exeQueries volume information: C:\Windows\Fonts\ERASDEMI.TTF VolumeInformation
Source: C:\Users\user\AppData\Roaming\Zoom\bin\Zoom.exeQueries volume information: C:\Windows\Fonts\ERASBD.TTF VolumeInformation
Source: C:\Users\user\AppData\Roaming\Zoom\bin\Zoom.exeQueries volume information: C:\Windows\Fonts\FELIXTI.TTF VolumeInformation
Source: C:\Users\user\AppData\Roaming\Zoom\bin\Zoom.exeQueries volume information: C:\Windows\Fonts\FORTE.TTF VolumeInformation
Source: C:\Users\user\AppData\Roaming\Zoom\bin\Zoom.exeQueries volume information: C:\Windows\Fonts\FRABK.TTF VolumeInformation
Source: C:\Users\user\AppData\Roaming\Zoom\bin\Zoom.exeQueries volume information: C:\Windows\Fonts\FRABKIT.TTF VolumeInformation
Source: C:\Users\user\AppData\Roaming\Zoom\bin\Zoom.exeQueries volume information: C:\Windows\Fonts\FREESCPT.TTF VolumeInformation
Source: C:\Users\user\AppData\Roaming\Zoom\bin\Zoom.exeQueries volume information: C:\Windows\Fonts\FRSCRIPT.TTF VolumeInformation
Source: C:\Users\user\AppData\Roaming\Zoom\bin\Zoom.exeQueries volume information: C:\Windows\Fonts\FTLTLT.TTF VolumeInformation
Source: C:\Users\user\AppData\Roaming\Zoom\bin\Zoom.exeQueries volume information: C:\Windows\Fonts\GARA.TTF VolumeInformation
Source: C:\Users\user\AppData\Roaming\Zoom\bin\Zoom.exeQueries volume information: C:\Windows\Fonts\GARAIT.TTF VolumeInformation
Source: C:\Users\user\AppData\Roaming\Zoom\bin\Zoom.exeQueries volume information: C:\Windows\Fonts\GARABD.TTF VolumeInformation
Source: C:\Users\user\AppData\Roaming\Zoom\bin\Zoom.exeQueries volume information: C:\Windows\Fonts\GIGI.TTF VolumeInformation
Source: C:\Users\user\AppData\Roaming\Zoom\bin\Zoom.exeQueries volume information: C:\Windows\Fonts\GIL_____.TTF VolumeInformation
Source: C:\Users\user\AppData\Roaming\Zoom\bin\Zoom.exeQueries volume information: C:\Windows\Fonts\GILI____.TTF VolumeInformation
Source: C:\Users\user\AppData\Roaming\Zoom\bin\Zoom.exeQueries volume information: C:\Windows\Fonts\GILB____.TTF VolumeInformation
Source: C:\Users\user\AppData\Roaming\Zoom\bin\Zoom.exeQueries volume information: C:\Windows\Fonts\GILBI___.TTF VolumeInformation
Source: C:\Users\user\AppData\Roaming\Zoom\bin\Zoom.exeQueries volume information: C:\Windows\Fonts\GILC____.TTF VolumeInformation
Source: C:\Users\user\AppData\Roaming\Zoom\bin\Zoom.exeQueries volume information: C:\Windows\Fonts\GLSNECB.TTF VolumeInformation
Source: C:\Users\user\AppData\Roaming\Zoom\bin\Zoom.exeQueries volume information: C:\Windows\Fonts\GLECB.TTF VolumeInformation
Source: C:\Users\user\AppData\Roaming\Zoom\bin\Zoom.exeQueries volume information: C:\Windows\Fonts\GOUDOS.TTF VolumeInformation
Source: C:\Users\user\AppData\Roaming\Zoom\bin\Zoom.exeQueries volume information: C:\Windows\Fonts\GOUDOSI.TTF VolumeInformation
Source: C:\Users\user\AppData\Roaming\Zoom\bin\Zoom.exeQueries volume information: C:\Windows\Fonts\GOUDOSB.TTF VolumeInformation
Source: C:\Users\user\AppData\Roaming\Zoom\bin\Zoom.exeQueries volume information: C:\Windows\Fonts\GOUDYSTO.TTF VolumeInformation
Source: C:\Users\user\AppData\Roaming\Zoom\bin\Zoom.exeQueries volume information: C:\Windows\Fonts\HARLOWSI.TTF VolumeInformation
Source: C:\Users\user\AppData\Roaming\Zoom\bin\Zoom.exeQueries volume information: C:\Windows\Fonts\HARNGTON.TTF VolumeInformation
Source: C:\Users\user\AppData\Roaming\Zoom\bin\Zoom.exeQueries volume information: C:\Windows\Fonts\HTOWERT.TTF VolumeInformation
Source: C:\Users\user\AppData\Roaming\Zoom\bin\Zoom.exeQueries volume information: C:\Windows\Fonts\HTOWERTI.TTF VolumeInformation
Source: C:\Users\user\AppData\Roaming\Zoom\bin\Zoom.exeQueries volume information: C:\Windows\Fonts\IMPRISHA.TTF VolumeInformation
Source: C:\Users\user\AppData\Roaming\Zoom\bin\Zoom.exeQueries volume information: C:\Windows\Fonts\INFROMAN.TTF VolumeInformation
Source: C:\Users\user\AppData\Roaming\Zoom\bin\Zoom.exeQueries volume information: C:\Windows\Fonts\ITCBLKAD.TTF VolumeInformation
Source: C:\Users\user\AppData\Roaming\Zoom\bin\Zoom.exeQueries volume information: C:\Windows\Fonts\ITCEDSCR.TTF VolumeInformation
Source: C:\Users\user\AppData\Roaming\Zoom\bin\Zoom.exeQueries volume information: C:\Windows\Fonts\ITCKRIST.TTF VolumeInformation
Source: C:\Users\user\AppData\Roaming\Zoom\bin\Zoom.exeQueries volume information: C:\Windows\Fonts\JOKERMAN.TTF VolumeInformation
Source: C:\Users\user\AppData\Roaming\Zoom\bin\Zoom.exeQueries volume information: C:\Windows\Fonts\JUICE___.TTF VolumeInformation
Source: C:\Users\user\AppData\Roaming\Zoom\bin\Zoom.exeQueries volume information: C:\Windows\Fonts\KUNSTLER.TTF VolumeInformation
Source: C:\Users\user\AppData\Roaming\Zoom\bin\Zoom.exeQueries volume information: C:\Windows\Fonts\LATINWD.TTF VolumeInformation
Source: C:\Users\user\AppData\Roaming\Zoom\bin\Zoom.exeQueries volume information: C:\Windows\Fonts\LCALLIG.TTF VolumeInformation
Source: C:\Users\user\AppData\Roaming\Zoom\bin\Zoom.exeQueries volume information: C:\Windows\Fonts\LFAX.TTF VolumeInformation
Source: C:\Users\user\AppData\Roaming\Zoom\bin\Zoom.exeQueries volume information: C:\Windows\Fonts\LFAXD.TTF VolumeInformation
Source: C:\Users\user\AppData\Roaming\Zoom\bin\Zoom.exeQueries volume information: C:\Windows\Fonts\LFAXI.TTF VolumeInformation
Source: C:\Users\user\AppData\Roaming\Zoom\bin\Zoom.exeQueries volume information: C:\Windows\Fonts\LFAXDI.TTF VolumeInformation
Source: C:\Users\user\AppData\Roaming\Zoom\bin\Zoom.exeQueries volume information: C:\Windows\Fonts\LHANDW.TTF VolumeInformation
Source: C:\Users\user\AppData\Roaming\Zoom\bin\Zoom.exeQueries volume information: C:\Windows\Fonts\LTYPE.TTF VolumeInformation
Source: C:\Users\user\AppData\Roaming\Zoom\bin\Zoom.exeQueries volume information: C:\Windows\Fonts\LTYPEO.TTF VolumeInformation
Source: C:\Users\user\AppData\Roaming\Zoom\bin\Zoom.exeQueries volume information: C:\Windows\Fonts\LTYPEB.TTF VolumeInformation
Source: C:\Users\user\AppData\Roaming\Zoom\bin\Zoom.exeQueries volume information: C:\Windows\Fonts\LTYPEBO.TTF VolumeInformation
Source: C:\Users\user\AppData\Roaming\Zoom\bin\Zoom.exeQueries volume information: C:\Windows\Fonts\MAGNETOB.TTF VolumeInformation
Source: C:\Users\user\AppData\Roaming\Zoom\bin\Zoom.exeQueries volume information: C:\Windows\Fonts\MAIAN.TTF VolumeInformation
Source: C:\Users\user\AppData\Roaming\Zoom\bin\Zoom.exeQueries volume information: C:\Windows\Fonts\MATURASC.TTF VolumeInformation
Source: C:\Users\user\AppData\Roaming\Zoom\bin\Zoom.exeQueries volume information: C:\Windows\Fonts\MISTRAL.TTF VolumeInformation
Source: C:\Users\user\AppData\Roaming\Zoom\bin\Zoom.exeQueries volume information: C:\Windows\Fonts\MOD20.TTF VolumeInformation
Source: C:\Users\user\AppData\Roaming\Zoom\bin\Zoom.exeQueries volume information: C:\Windows\Fonts\NIAGENG.TTF VolumeInformation
Source: C:\Users\user\AppData\Roaming\Zoom\bin\Zoom.exeQueries volume information: C:\Windows\Fonts\NIAGSOL.TTF VolumeInformation
Source: C:\Users\user\AppData\Roaming\Zoom\bin\Zoom.exeQueries volume information: C:\Windows\Fonts\OCRAEXT.TTF VolumeInformation
Source: C:\Users\user\AppData\Roaming\Zoom\bin\Zoom.exeQueries volume information: C:\Windows\Fonts\OLDENGL.TTF VolumeInformation
Source: C:\Users\user\AppData\Roaming\Zoom\bin\Zoom.exeQueries volume information: C:\Windows\Fonts\ONYX.TTF VolumeInformation
Source: C:\Users\user\AppData\Roaming\Zoom\bin\Zoom.exeQueries volume information: C:\Windows\Fonts\PALSCRI.TTF VolumeInformation
Source: C:\Users\user\AppData\Roaming\Zoom\bin\Zoom.exeQueries volume information: C:\Windows\Fonts\PAPYRUS.TTF VolumeInformation
Source: C:\Users\user\AppData\Roaming\Zoom\bin\Zoom.exeQueries volume information: C:\Windows\Fonts\PARCHM.TTF VolumeInformation
Source: C:\Users\user\AppData\Roaming\Zoom\bin\Zoom.exeQueries volume information: C:\Windows\Fonts\PER_____.TTF VolumeInformation
Source: C:\Users\user\AppData\Roaming\Zoom\bin\Zoom.exeQueries volume information: C:\Windows\Fonts\PERI____.TTF VolumeInformation
Source: C:\Users\user\AppData\Roaming\Zoom\bin\Zoom.exeQueries volume information: C:\Windows\Fonts\PERB____.TTF VolumeInformation
Source: C:\Users\user\AppData\Roaming\Zoom\bin\Zoom.exeQueries volume information: C:\Windows\Fonts\PERBI___.TTF VolumeInformation
Source: C:\Users\user\AppData\Roaming\Zoom\bin\Zoom.exeQueries volume information: C:\Windows\Fonts\PERTILI.TTF VolumeInformation
Source: C:\Users\user\AppData\Roaming\Zoom\bin\Zoom.exeQueries volume information: C:\Windows\Fonts\PERTIBD.TTF VolumeInformation
Source: C:\Users\user\AppData\Roaming\Zoom\bin\Zoom.exeQueries volume information: C:\Windows\Fonts\PLAYBILL.TTF VolumeInformation
Source: C:\Users\user\AppData\Roaming\Zoom\bin\Zoom.exeQueries volume information: C:\Windows\Fonts\POORICH.TTF VolumeInformation
Source: C:\Users\user\AppData\Roaming\Zoom\bin\Zoom.exeQueries volume information: C:\Windows\Fonts\RAGE.TTF VolumeInformation
Source: C:\Users\user\AppData\Roaming\Zoom\bin\Zoom.exeQueries volume information: C:\Windows\Fonts\RAVIE.TTF VolumeInformation
Source: C:\Users\user\AppData\Roaming\Zoom\bin\Zoom.exeQueries volume information: C:\Windows\Fonts\REFSAN.TTF VolumeInformation
Source: C:\Users\user\AppData\Roaming\Zoom\bin\Zoom.exeQueries volume information: C:\Windows\Fonts\ROCK.TTF VolumeInformation
Source: C:\Users\user\AppData\Roaming\Zoom\bin\Zoom.exeQueries volume information: C:\Windows\Fonts\ROCKI.TTF VolumeInformation
Source: C:\Users\user\AppData\Roaming\Zoom\bin\Zoom.exeQueries volume information: C:\Windows\Fonts\ROCKB.TTF VolumeInformation
Source: C:\Users\user\AppData\Roaming\Zoom\bin\Zoom.exeQueries volume information: C:\Windows\Fonts\ROCKEB.TTF VolumeInformation
Source: C:\Users\user\AppData\Roaming\Zoom\bin\Zoom.exeQueries volume information: C:\Windows\Fonts\ROCKBI.TTF VolumeInformation
Source: C:\Users\user\AppData\Roaming\Zoom\bin\Zoom.exeQueries volume information: C:\Windows\Fonts\ROCC____.TTF VolumeInformation
Source: C:\Users\user\AppData\Roaming\Zoom\bin\Zoom.exeQueries volume information: C:\Windows\Fonts\ROCCB___.TTF VolumeInformation
Source: C:\Users\user\AppData\Roaming\Zoom\bin\Zoom.exeQueries volume information: C:\Windows\Fonts\SCRIPTBL.TTF VolumeInformation
Source: C:\Users\user\AppData\Roaming\Zoom\bin\Zoom.exeQueries volume information: C:\Windows\Fonts\SHOWG.TTF VolumeInformation
Source: C:\Users\user\AppData\Roaming\Zoom\bin\Zoom.exeQueries volume information: C:\Windows\Fonts\SNAP____.TTF VolumeInformation
Source: C:\Users\user\AppData\Roaming\Zoom\bin\Zoom.exeQueries volume information: C:\Windows\Fonts\STENCIL.TTF VolumeInformation
Source: C:\Users\user\AppData\Roaming\Zoom\bin\Zoom.exeQueries volume information: C:\Windows\Fonts\TCM_____.TTF VolumeInformation
Source: C:\Users\user\AppData\Roaming\Zoom\bin\Zoom.exeQueries volume information: C:\Windows\Fonts\TCMI____.TTF VolumeInformation
Source: C:\Users\user\AppData\Roaming\Zoom\bin\Zoom.exeQueries volume information: C:\Windows\Fonts\TCB_____.TTF VolumeInformation
Source: C:\Users\user\AppData\Roaming\Zoom\bin\Zoom.exeQueries volume information: C:\Windows\Fonts\TCBI____.TTF VolumeInformation
Source: C:\Users\user\AppData\Roaming\Zoom\bin\Zoom.exeQueries volume information: C:\Windows\Fonts\TCCM____.TTF VolumeInformation
Source: C:\Users\user\AppData\Roaming\Zoom\bin\Zoom.exeQueries volume information: C:\Windows\Fonts\TCCB____.TTF VolumeInformation
Source: C:\Users\user\AppData\Roaming\Zoom\bin\Zoom.exeQueries volume information: C:\Windows\Fonts\TCCEB.TTF VolumeInformation
Source: C:\Users\user\AppData\Roaming\Zoom\bin\Zoom.exeQueries volume information: C:\Windows\Fonts\TEMPSITC.TTF VolumeInformation
Source: C:\Users\user\AppData\Roaming\Zoom\bin\Zoom.exeQueries volume information: C:\Windows\Fonts\VINERITC.TTF VolumeInformation
Source: C:\Users\user\AppData\Roaming\Zoom\bin\Zoom.exeQueries volume information: C:\Windows\Fonts\VIVALDII.TTF VolumeInformation
Source: C:\Users\user\AppData\Roaming\Zoom\bin\Zoom.exeQueries volume information: C:\Windows\Fonts\VLADIMIR.TTF VolumeInformation
Source: C:\Users\user\AppData\Roaming\Zoom\bin\Zoom.exeQueries volume information: C:\Windows\Fonts\WINGDNG2.TTF VolumeInformation
Source: C:\Users\user\AppData\Roaming\Zoom\bin\Zoom.exeQueries volume information: C:\Windows\Fonts\WINGDNG3.TTF VolumeInformation
Source: C:\Users\user\AppData\Roaming\Zoom\bin\Zoom.exeQueries volume information: C:\Windows\Fonts\flat_officeFontsPreview.ttf VolumeInformation
Source: C:\Users\user\AppData\Roaming\Zoom\bin\Zoom.exeQueries volume information: C:\Windows\Fonts\OFFSYM.TTF VolumeInformation
Source: C:\Users\user\AppData\Roaming\Zoom\bin\Zoom.exeQueries volume information: C:\Windows\Fonts\OFFSYMSL.TTF VolumeInformation
Source: C:\Users\user\AppData\Roaming\Zoom\bin\Zoom.exeQueries volume information: C:\Windows\Fonts\OFFSYMSB.TTF VolumeInformation
Source: C:\Users\user\AppData\Roaming\Zoom\bin\Zoom.exeQueries volume information: C:\Windows\Fonts\OFFSYMXL.TTF VolumeInformation
Source: C:\Users\user\AppData\Roaming\Zoom\bin\Zoom.exeQueries volume information: C:\Windows\Fonts\OFFSYML.TTF VolumeInformation
Source: C:\Users\user\AppData\Roaming\Zoom\bin\Zoom.exeQueries volume information: C:\Windows\Fonts\OFFSYMB.TTF VolumeInformation
Source: C:\Users\user\AppData\Roaming\Zoom\bin\Zoom.exeQueries volume information: C:\ VolumeInformation
Source: C:\Users\user\AppData\Roaming\Zoom\bin\Zoom.exeQueries volume information: C:\ VolumeInformation
Source: C:\Users\user\AppData\Roaming\Zoom\bin\Zoom.exeQueries volume information: C:\ VolumeInformation
Source: C:\Users\user\AppData\Roaming\Zoom\bin\Zoom.exeQueries volume information: C:\ VolumeInformation
Source: C:\Users\user\AppData\Roaming\Zoom\bin\Zoom.exeQueries volume information: C:\Users\user\AppData\Roaming\Zoom\data\Zoom.us.ini VolumeInformation
Source: C:\Users\user\Downloads\Zoom_cm_fotiZ9vvrZo4_mJGohcJr5Wi4nh-+oH9qDAdNxPgV4bAl8sJE@Ya299Uo3BvkVZYb-_ke7c3d59090895be7_.exeKey value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography MachineGuid
Source: C:\Users\user\AppData\Roaming\Zoom\ZoomDownload\Installer.exeRegistry value created: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_BROWSER_EMULATION

Mitre Att&ck Matrix

ReconnaissanceResource DevelopmentInitial AccessExecutionPersistencePrivilege EscalationDefense EvasionCredential AccessDiscoveryLateral MovementCollectionCommand and ControlExfiltrationImpact
Gather Victim Identity Information1
Scripting		Valid Accounts231
Windows Management Instrumentation		1
Windows Service		1
Windows Service		1
Masquerading		OS Credential Dumping1
Query Registry		Remote ServicesData from Local System2
Encrypted Channel		Exfiltration Over Other Network MediumAbuse Accessibility Features
CredentialsDomainsDefault Accounts1
Command and Scripting Interpreter		1
Scripting		11
Process Injection		1
Disable or Modify Tools		LSASS Memory23
Security Software Discovery		Remote Desktop ProtocolData from Removable Media1
Non-Application Layer Protocol		Exfiltration Over BluetoothNetwork Denial of Service
Email AddressesDNS ServerDomain AccountsAt1
Registry Run Keys / Startup Folder		1
Registry Run Keys / Startup Folder		241
Virtualization/Sandbox Evasion		Security Account Manager241
Virtualization/Sandbox Evasion		SMB/Windows Admin SharesData from Network Shared Drive2
Application Layer Protocol		Automated ExfiltrationData Encrypted for Impact
Employee NamesVirtual Private ServerLocal AccountsCron1
DLL Side-Loading		1
DLL Side-Loading		1
Modify Registry		NTDS1
Process Discovery		Distributed Component Object ModelInput CaptureProtocol ImpersonationTraffic DuplicationData Destruction
Gather Victim Network InformationServerCloud AccountsLaunchdNetwork Logon ScriptNetwork Logon Script11
Process Injection		LSA Secrets1
Application Window Discovery		SSHKeyloggingFallback ChannelsScheduled TransferData Encrypted for Impact
Domain PropertiesBotnetReplication Through Removable MediaScheduled TaskRC ScriptsRC Scripts1
Rundll32		Cached Domain Credentials3
File and Directory Discovery		VNCGUI Input CaptureMultiband CommunicationData Transfer Size LimitsService Stop
DNSWeb ServicesExternal Remote ServicesSystemd TimersStartup ItemsStartup Items1
DLL Side-Loading		DCSync133
System Information Discovery		Windows Remote ManagementWeb Portal CaptureCommonly Used PortExfiltration Over C2 ChannelInhibit System Recovery

Screenshots

Thumbnails

This section contains all screenshots as thumbnails, including those not shown in the slideshow.


windows-stand

Antivirus, Machine Learning and Genetic Malware Detection

Initial Sample

SourceDetectionScannerLabelLink
https://ubc.zoom.us/j/2243567901?pwd=ak1XbmprdFBUQnRZOWszWU91VHdyUT090%Avira URL Cloudsafe

Dropped Files

SourceDetectionScannerLabelLink
C:\Users\user\Downloads\Unconfirmed 201182.crdownload0%ReversingLabs
C:\Users\user\AppData\Roaming\Zoom\ZoomDownload\Installer.exe0%ReversingLabs
C:\Users\user\AppData\Roaming\Zoom\tmp_bin\CmmBrowserEngine.dll0%ReversingLabs
C:\Users\user\AppData\Roaming\Zoom\tmp_bin\Cmmlib.dll0%ReversingLabs
C:\Users\user\AppData\Roaming\Zoom\tmp_bin\CptHost.exe (copy)0%ReversingLabs
C:\Users\user\AppData\Roaming\Zoom\tmp_bin\cmmbiz.dll0%ReversingLabs
C:\Users\user\AppData\Roaming\Zoom\zoom_install_src\CptControl.exe0%ReversingLabs
C:\Users\user\AppData\Roaming\Zoom\zoom_install_src\CptHost.exe0%ReversingLabs
C:\Users\user\AppData\Roaming\Zoom\zoom_install_src\CptInstall.exe0%ReversingLabs
C:\Users\user\AppData\Roaming\Zoom\zoom_install_src\CptService.exe0%ReversingLabs
C:\Users\user\AppData\Roaming\Zoom\zoom_install_src\CptShare.dll0%ReversingLabs
C:\Users\user\AppData\Roaming\Zoom\zoom_install_src\DuiLib.dll0%ReversingLabs
C:\Users\user\AppData\Roaming\Zoom\zoom_install_src\MailClient.dll0%ReversingLabs
C:\Users\user\AppData\Roaming\Zoom\zoom_install_src\UIBase.dll0%ReversingLabs
C:\Users\user\AppData\Roaming\Zoom\zoom_install_src\WebView2Loader.dll0%ReversingLabs
C:\Users\user\AppData\Roaming\Zoom\zoom_install_src\XmppDll.dll0%ReversingLabs
C:\Users\user\AppData\Roaming\Zoom\zoom_install_src\ZMDB.dll0%ReversingLabs
C:\Users\user\AppData\Roaming\Zoom\zoom_install_src\ZUI.dll0%ReversingLabs
C:\Users\user\AppData\Roaming\Zoom\zoom_install_src\ZZHostIPCSDK.dll0%ReversingLabs
C:\Users\user\AppData\Roaming\Zoom\zoom_install_src\Zoom.exe0%ReversingLabs
C:\Users\user\AppData\Roaming\Zoom\zoom_install_src\ZoomOutlookIMPlugin.exe0%ReversingLabs
C:\Users\user\AppData\Roaming\Zoom\zoom_install_src\ZoomTask.dll0%ReversingLabs
C:\Users\user\AppData\Roaming\Zoom\zoom_install_src\ZoomTelemetry.dll0%ReversingLabs
C:\Users\user\AppData\Roaming\Zoom\zoom_install_src\Zoom_launcher.exe0%ReversingLabs
C:\Users\user\AppData\Roaming\Zoom\zoom_install_src\annoter.dll0%ReversingLabs
C:\Users\user\AppData\Roaming\Zoom\zoom_install_src\asproxy.dll0%ReversingLabs
C:\Users\user\AppData\Roaming\Zoom\zoom_install_src\cares.dll0%ReversingLabs
C:\Users\user\AppData\Roaming\Zoom\zoom_install_src\libmpg123.dll0%ReversingLabs
C:\Users\user\AppData\Roaming\Zoom\zoom_install_src\libssl-3-zm.dll0%ReversingLabs
C:\Users\user\AppData\Roaming\Zoom\zoom_install_src\mcm.dll0%ReversingLabs
C:\Users\user\AppData\Roaming\Zoom\zoom_install_src\mfAdapter.dll0%ReversingLabs
C:\Users\user\AppData\Roaming\Zoom\zoom_install_src\nydus.dll0%ReversingLabs
C:\Users\user\AppData\Roaming\Zoom\zoom_install_src\reslib.dll0%ReversingLabs
C:\Users\user\AppData\Roaming\Zoom\zoom_install_src\ssb_sdk.dll0%ReversingLabs
C:\Users\user\AppData\Roaming\Zoom\zoom_install_src\tp.dll0%ReversingLabs
C:\Users\user\AppData\Roaming\Zoom\zoom_install_src\turbojpeg.dll0%ReversingLabs
C:\Users\user\AppData\Roaming\Zoom\zoom_install_src\util.dll0%ReversingLabs
C:\Users\user\AppData\Roaming\Zoom\zoom_install_src\viper.dll0%ReversingLabs
C:\Users\user\AppData\Roaming\Zoom\zoom_install_src\viper_async_device.dll0%ReversingLabs
C:\Users\user\AppData\Roaming\Zoom\zoom_install_src\zAutoUpdate.dll0%ReversingLabs
C:\Users\user\AppData\Roaming\Zoom\zoom_install_src\zBusinessUIComponent.dll0%ReversingLabs
C:\Users\user\AppData\Roaming\Zoom\zoom_install_src\zChatApp.dll0%ReversingLabs
C:\Users\user\AppData\Roaming\Zoom\zoom_install_src\zChatUI.dll0%ReversingLabs
C:\Users\user\AppData\Roaming\Zoom\zoom_install_src\zCommonChat.dll0%ReversingLabs
C:\Users\user\AppData\Roaming\Zoom\zoom_install_src\zContext.dll0%ReversingLabs
C:\Users\user\AppData\Roaming\Zoom\zoom_install_src\zCrashReport64.dll0%ReversingLabs
C:\Users\user\AppData\Roaming\Zoom\zoom_install_src\zCrashReport64.exe0%ReversingLabs
C:\Users\user\AppData\Roaming\Zoom\zoom_install_src\zData.dll0%ReversingLabs
C:\Users\user\AppData\Roaming\Zoom\zoom_install_src\zEventTracker.dll0%ReversingLabs
C:\Users\user\AppData\Roaming\Zoom\zoom_install_src\zKBCrypto.dll0%ReversingLabs
C:\Users\user\AppData\Roaming\Zoom\zoom_install_src\zLooper.dll0%ReversingLabs
C:\Users\user\AppData\Roaming\Zoom\zoom_install_src\zMailRes.dll0%ReversingLabs
C:\Users\user\AppData\Roaming\Zoom\zoom_install_src\zMailUI.dll0%ReversingLabs
C:\Users\user\AppData\Roaming\Zoom\zoom_install_src\zMeshNetAgent.dll0%ReversingLabs
C:\Users\user\AppData\Roaming\Zoom\zoom_install_src\zMsgApp.dll0%ReversingLabs
C:\Users\user\AppData\Roaming\Zoom\zoom_install_src\zMsgAppCommon.dll0%ReversingLabs
C:\Users\user\AppData\Roaming\Zoom\zoom_install_src\zNet.dll0%ReversingLabs
C:\Users\user\AppData\Roaming\Zoom\zoom_install_src\zNetUtils.dll0%ReversingLabs

Unpacked PE Files

No Antivirus matches

Domains

No Antivirus matches

URLs

No Antivirus matches

Domains and IPs

Contacted Domains

NameIPActiveMaliciousAntivirus DetectionReputation
ca01st1.zoom.us
170.114.45.1
truefalse
    		unknown
    edge-log-gateway-web-2f8111e8e5387748.elb.us-east-1.amazonaws.com
    		170.114.65.138
    		truefalse
      		unknown
      us01ccistatic-c.zoom.us
      		170.114.45.1
      		truefalse
        		unknown
        ca01web.zoom.us
        		170.114.52.10
        		truefalse
          		unknown
          cdn.zoom.us
          		170.114.46.1
          		truefalse
            		high
            st1.zoom.us
            		170.114.46.1
            		truefalse
              		high
              www.google.com
              		216.58.206.68
              		truefalse
                		high
                zoom.us
                		170.114.52.2
                		truefalse
                  		high
                  edge-log-gateway-web-158ad3d115123922.elb.us-east-2.amazonaws.com
                  		134.224.0.55
                  		truefalse
                    		unknown
                    cdn.cookielaw.org
                    		104.18.87.42
                    		truefalse
                      		high
                      geolocation.onetrust.com
                      		104.18.32.137
                      		truefalse
                        		high
                        ca01st2.zoom.us
                        		unknown
                        		unknownfalse
                          		unknown
                          ubc.zoom.us
                          		unknown
                          		unknownfalse
                            		unknown
                            log-gateway.zoom.us
                            		unknown
                            		unknownfalse
                              		high
                              us01ccistatic.zoom.us
                              		unknown
                              		unknownfalse
                                		high
                                www3.zoom.us
                                		unknown
                                		unknownfalse
                                  		unknown
                                  st2.zoom.us
                                  		unknown
                                  		unknownfalse
                                    		high
                                    ca01st3.zoom.us
                                    		unknown
                                    		unknownfalse
                                      		unknown

                                      Contacted URLs

                                      NameMaliciousAntivirus DetectionReputation
                                      https://ubc.zoom.us/j/2243567901?pwd=ak1XbmprdFBUQnRZOWszWU91VHdyUT09#successfalse
                                        		unknown

                                        World Map of Contacted IPs

                                        • No. of IPs < 25%
                                        • 25% < No. of IPs < 50%
                                        • 50% < No. of IPs < 75%
                                        • 75% < No. of IPs

                                        Public IPs

                                        IPDomainCountryFlagASNASN NameMalicious
                                        134.224.0.55
                                        		edge-log-gateway-web-158ad3d115123922.elb.us-east-2.amazonaws.comUnited States
                                        		3479PEACHNET-AS1USfalse
                                        104.18.87.42
                                        		cdn.cookielaw.orgUnited States
                                        		13335CLOUDFLARENETUSfalse
                                        108.177.15.84
                                        		unknownUnited States
                                        		15169GOOGLEUSfalse
                                        170.114.52.2
                                        		zoom.usUnited States
                                        		22347DORSEY-WHITNEYUSfalse
                                        134.224.0.54
                                        		unknownUnited States
                                        		3479PEACHNET-AS1USfalse
                                        144.195.5.213
                                        		unknownUnited States
                                        		20221IATACAfalse
                                        170.114.65.138
                                        		edge-log-gateway-web-2f8111e8e5387748.elb.us-east-1.amazonaws.comUnited States
                                        		22347DORSEY-WHITNEYUSfalse
                                        216.58.206.68
                                        		www.google.comUnited States
                                        		15169GOOGLEUSfalse
                                        172.64.155.119
                                        		unknownUnited States
                                        		13335CLOUDFLARENETUSfalse
                                        216.58.206.35
                                        		unknownUnited States
                                        		15169GOOGLEUSfalse
                                        142.250.181.238
                                        		unknownUnited States
                                        		15169GOOGLEUSfalse
                                        239.255.255.250
                                        		unknownReserved
                                        		unknownunknownfalse
                                        104.18.32.137
                                        		geolocation.onetrust.comUnited States
                                        		13335CLOUDFLARENETUSfalse
                                        144.195.4.213
                                        		unknownUnited States
                                        		20221IATACAfalse
                                        142.250.185.195
                                        		unknownUnited States
                                        		15169GOOGLEUSfalse
                                        142.251.40.174
                                        		unknownUnited States
                                        		15169GOOGLEUSfalse
                                        170.114.52.10
                                        		ca01web.zoom.usUnited States
                                        		22347DORSEY-WHITNEYUSfalse
                                        170.114.46.1
                                        		cdn.zoom.usUnited States
                                        		22347DORSEY-WHITNEYUSfalse
                                        170.114.45.1
                                        		ca01st1.zoom.usUnited States
                                        		22347DORSEY-WHITNEYUSfalse
                                        142.250.184.206
                                        		unknownUnited States
                                        		15169GOOGLEUSfalse

                                        Private

                                        IP
                                        192.168.2.16
                                        192.168.2.4

                                        General Information

                                        Joe Sandbox version:42.0.0 Malachite
                                        Analysis ID:1587177
                                        Start date and time:2025-01-10 00:45:51 +01:00
                                        Joe Sandbox product:CloudBasic
                                        Overall analysis duration:
                                        Hypervisor based Inspection enabled:false
                                        Report type:full
                                        Cookbook file name:defaultwindowsinteractivecookbook.jbs
                                        Sample URL:https://ubc.zoom.us/j/2243567901?pwd=ak1XbmprdFBUQnRZOWszWU91VHdyUT09
                                        Analysis system description:Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
                                        Number of analysed new started processes analysed:30
                                        Number of new started drivers analysed:0
                                        Number of existing processes analysed:0
                                        Number of existing drivers analysed:0
                                        Number of injected processes analysed:1
                                        Technologies:
                                        • EGA enabled
                                        Analysis Mode:stream
                                        Detection:MAL
                                        Classification:mal52.evad.win@38/229@42/130

                                        Warnings

                                        • Exclude process from analysis (whitelisted): SgrmBroker.exe, svchost.exe
                                        • Excluded IPs from analysis (whitelisted): 199.232.210.172, 142.250.185.195, 142.250.184.206, 108.177.15.84, 142.250.74.206, 172.217.18.14, 142.250.185.206
                                        • Excluded domains from analysis (whitelisted): fs.microsoft.com, clients2.google.com, accounts.google.com, redirector.gvt1.com, ctldl.windowsupdate.com, clientservices.googleapis.com, clients.l.google.com
                                        • Not all processes where analyzed, report is missing behavior information
                                        • Report size getting too big, too many NtCreateKey calls found.
                                        • Report size getting too big, too many NtDeviceIoControlFile calls found.
                                        • Report size getting too big, too many NtEnumerateKey calls found.
                                        • Report size getting too big, too many NtOpenKeyEx calls found.
                                        • Report size getting too big, too many NtProtectVirtualMemory calls found.
                                        • Report size getting too big, too many NtQueryValueKey calls found.
                                        • Report size getting too big, too many NtReadVirtualMemory calls found.
                                        • Report size getting too big, too many NtSetInformationFile calls found.
                                        • Report size getting too big, too many NtWriteFile calls found.
                                        • Timeout during stream target processing, analysis might miss dynamic analysis data
                                        • VT rate limit hit for: https://ubc.zoom.us/j/2243567901?pwd=ak1XbmprdFBUQnRZOWszWU91VHdyUT09

                                        Created / dropped Files

                                        C:\Users\user\AppData\Local\Temp\ZCOMPT~1.CAB.zmdownload

                                        Download File
                                        Process:C:\Users\user\AppData\Roaming\Zoom\bin\Zoom.exe
                                        File Type:Microsoft Cabinet archive data, many, 14270711 bytes, 25 files, at 0x1830 +A "zAppRes.dll" +A "zAppUI.dll", flags 0x4, ID 36432, number 1, extra bytes 6144 in head, 1139 datablocks, 0x1503 compression
                                        Category:dropped
                                        Size (bytes):14270711
                                        Entropy (8bit):7.999845834403855
                                        Encrypted:true
                                        SSDEEP:
                                        MD5:8B96AB560A731158FC34B41E8AA96543
                                        SHA1:B03C79567779C802FBDE19CC87FA7F25663AAE93
                                        SHA-256:CEEDD91A8D932CCD8F3EB21776931977A5F2ACD07A6340A05D1213EF8F1AA2FA
                                        SHA-512:039F4EADBC00CB820AD76D900242E55D584D0C7FC2B7BA58BBCBFF9C5DFA728315478C43891D1D06947AD6DD626FF2D8556DFBB90993A59FC1B07AA4F5F1CB56
                                        Malicious:false
                                        Reputation:unknown
                                        Preview:MSCF............0...............P.......................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                        C:\Users\user\AppData\Local\Temp\ZLANG~1.7Z{.zmdownload

                                        Download File
                                        Process:C:\Users\user\AppData\Roaming\Zoom\bin\Zoom.exe
                                        File Type:7-zip archive data, version 0.4
                                        Category:dropped
                                        Size (bytes):2290310
                                        Entropy (8bit):7.999903047893452
                                        Encrypted:true
                                        SSDEEP:
                                        MD5:69B3A8471A9106FE40344F8DB288BE1B
                                        SHA1:E49BABEBCC6DC182D8CD009BB880B0B8DE8C1091
                                        SHA-256:D3843AC0322826E08303BB910BC8CD93334E741E549AEA36D5F062BC8C1ADDC2
                                        SHA-512:322D378D904F6FF6B7CCD5A6B1453DC08976043340CD93DF00F7324CFC8A9801F1DDB49C1248663A26A184B4F1DA69CB4C2168EC1A78AB5EA42415CE711963A6
                                        Malicious:false
                                        Reputation:unknown
                                        Preview:7z..'...8./A.".....%.......Z....v...].&..p.........../D.|...!.6.uc..L..BW..........*....~..4.+mW....#.{*...u..Z.t.'.r...Z.U.Q.."@..6.."J...d......T\Y!n..[.w...:..........k.>\c9x.?%.u.".xT.....u#.....?.,v...%.K.S...'...-...k...<..y./.0E.X..A.....( ..#...l....d....lY.."?..y..^...]..&......s9!I0..5;.W.>-n..MC<1.iS<F...I..'n...gL..0._#.q..(.M.>...h.w.|.O..l)5,..>r..$h.K....|......%....V...x...X..g.;..y.V.!.:.B...u}G6.pQn....#.rx..?...K.`.n<..P.{*..[....|X..(2X}..4..U.>.....+...i=&.]g..=.....,.!.m.j</.[:+6.t..O..T..'.. y...K.&....SN..^.4........gPm..,.zO.@...=..W...l.#.!lP......UxF..z.*.x...K&....&..<.......Q.q.":R.A....:.+;....D.....&......Lo.g.4%.y4.[......&......\y.J%...c.7..,H..2.....T..aVS.|..'......K..Q..wkht^K.$...#....l.?.~.d.ZH......X...XUl.T.4\.D..>.-.fU..E.S{.K).|...z......Z....r...a.s2...v..S.5.>.{..V.n...9.....R\........T>.!nk,.......aP.............~.:..,S....c.A.......-.I...G..V./.S...GBke.#.z+..."....{5?~.n54..2 .`TZ.._..|.

                                        C:\Users\user\AppData\Local\Temp\zClipsCab{EA0714D2-67CC-445D-B32E-573F045A2191}

                                        Download File
                                        Process:C:\Users\user\AppData\Roaming\Zoom\bin\Zoom.exe
                                        File Type:Microsoft Cabinet archive data, many, 2069495 bytes, 6 files, at 0x1830 +A "zPSUI.dll" +A "swscale_zm-6.dll", flags 0x4, ID 8999, number 1, extra bytes 6144 in head, 247 datablocks, 0x1503 compression
                                        Category:dropped
                                        Size (bytes):2069495
                                        Entropy (8bit):7.998047071391029
                                        Encrypted:true
                                        SSDEEP:
                                        MD5:464EF9ED3E1F3CD37D30F4EC75AEFA4F
                                        SHA1:6F2633E25A268B25AD46E31467EDDAEB04FB861C
                                        SHA-256:FC393B475426B3A1F98F937157BDC3B0F6B130A2DC06611AF8D48ADC6DDF4342
                                        SHA-512:C974D0B2CA8D9B4AE81FD123799006B01C82B91C6C2D2713C8C3368797AD70BD050988543FE8AA3EFCFF0AFF61B5D83C9EA7052F930CBDD22CB2D80742AFC498
                                        Malicious:false
                                        Reputation:unknown
                                        Preview:MSCF............0...............'#......................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                        C:\Users\user\AppData\Local\Temp\zm4221.tmp:Zone.Identifier

                                        Download File
                                        Process:C:\Users\user\Downloads\Zoom_cm_fotiZ9vvrZo4_mJGohcJr5Wi4nh-+oH9qDAdNxPgV4bAl8sJE@Ya299Uo3BvkVZYb-_ke7c3d59090895be7_.exe
                                        File Type:ASCII text, with very long lines (686), with CRLF line terminators
                                        Category:dropped
                                        Size (bytes):797
                                        Entropy (8bit):6.038297740042832
                                        Encrypted:false
                                        SSDEEP:
                                        MD5:C695511232F0F72AF92918520073CC29
                                        SHA1:EF8BFF9E2C5591DD07C887F94B6C4DD8291A0344
                                        SHA-256:6EF8BD65F26D0996EBCCC7E8877AB570CFCD85CFBF88DAC2854007730C54C650
                                        SHA-512:7EB07E80364A7AFD8DEE3F9DEE4DF912C92EB9B5754BEA6BD6821CC99859C2B20727AF9401B9640523D8CF172F5D15E8D4FC6D40AC091C4C82E919506B59B882
                                        Malicious:false
                                        Reputation:unknown
                                        Preview:[ZoneTransfer]..ZoneId=3..ReferrerUrl=https://ubc.zoom.us/j/2243567901?pwd=ak1XbmprdFBUQnRZOWszWU91VHdyUT09..HostUrl=https://ubc.zoom.us/launch/download/L5gQryhk2uT5qCl-icb2i8qJ2bpsbC4PmZI7QYdsTbP3BI5leVREUmHdROlJf4b_t1yTtn-It0_5J3Q1s15JA-FuW3bIBig-2e3ZYHh2IlhV70b6xxKb57doXcRSrD7RjTDMQwmQFjPBjJnDIi1Lnf3wyvHDfbxwrF2tGl8TY2dgvJXQo9m4xm-kkeI6vAypk9CUASmsAFf7JHJH01s_OQAfjNUBtzAuN-DInE-X7-nEmq18goCpFQqXXsQkJt8EZPAZupTvV-7GP9oKHDchFZyQD2I30K9TWcFYTVdU8BTG0GfkEOmmi9E_LwqDvCmrwqko5dbLT2jrhoBrtYu_cfjEBwK0b9kikoiLfW-m50KprBpey7FMmaklpUi9ecaxcG6-pg9NHPqguBSXElG03ZKNYvQ12Liq_NHdRSiP92t_gmyUenXb5vhyZ_WTr4Gxlz0oMsns6Oop-EkacDLNBTs80NgLiTLAr9tZQTOmm4OLyEGbw3WVeS4ShhaJti4sN3eOxCUv6c6kU_xzXUhrulUL_YO3UlNj1A.8800UxsXksWQX2ae/meeting/9QVsJT2OBTY_vqlsXxgPZm0W3lvPE6aeiak.o9vWanpkSSZcsLCy/Zoom_launcher.exe..

                                        C:\Users\user\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\352fd027c0e8f0e5.customDestinations-ms (copy)

                                        Download File
                                        Process:C:\Users\user\AppData\Roaming\Zoom\bin\Zoom.exe
                                        File Type:data
                                        Category:dropped
                                        Size (bytes):0
                                        Entropy (8bit):0.0
                                        Encrypted:false
                                        SSDEEP:
                                        MD5:0EA37C6B443386DD0C7DBE61A55C3420
                                        SHA1:0CA1ADFFE56B41EBA65D4DBD451D7605398D4965
                                        SHA-256:CB0B4CEA567AB5395BA79D4DA895173B59BCF268F32F3C4A39549B9C8E26B3A3
                                        SHA-512:808EEC2DCF4BCB6995E37F79AC551F3DACF7F5668848FC049B66D1F0B95169C99988DEA8E0D73DD077D2FD6FE5ADD2E0C9B1920D75390C148C3940BF2DB18150
                                        Malicious:false
                                        Reputation:unknown
                                        Preview:...................................FL..................F.@.. ....G...b......b.......b..8...G.....................:..DG..Yr?.D..U..k0.&...&.........{4...E.%..b.......b......t...CFSF..1.....FW.H..AppData...t.Y^...H.g.3..(.....gVA.G..k...@......FW.H)Z...............................A.p.p.D.a.t.a...B.V.1.....)Z...Roaming.@......FW.H)Z...........................y-z.R.o.a.m.i.n.g.....N.1.....)Z....Zoom..:......)Z.)Z............................(.9.Z.o.o.m.....J.1.....)Z....bin.8......)Z.)Z............................di.b.i.n.....Z.2.8...)Z. .Zoom.exe..B......)Z.)Z...............................Z.o.o.m...e.x.e.......^...............-.......]...........8zM......C:\Users\user\AppData\Roaming\Zoom\bin\Zoom.exe....S.c.r.e.e.n.s.h.o.t...-.-.i.n.i.t.p.a.r.a.m.=.s.c.r.e.e.n.s.h.o.t.2.C.:.\.U.s.e.r.s.\.c.a.l.i.\.A.p.p.D.a.t.a.\.R.o.a.m.i.n.g.\.Z.o.o.m.\.b.i.n.\.z.W.i.n.R.e.s...d.l.l.........%APPDATA%\Zoom\bin\zWinRes.dll..................................................................

                                        C:\Users\user\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\9B5UCYSE72G18YVSEFGR.temp

                                        Download File
                                        Process:C:\Users\user\AppData\Roaming\Zoom\bin\Zoom.exe
                                        File Type:data
                                        Category:dropped
                                        Size (bytes):3850
                                        Entropy (8bit):3.4777518925818702
                                        Encrypted:false
                                        SSDEEP:
                                        MD5:4769433EAAE4C5DF92FEF691BD7EE065
                                        SHA1:E6B544B40B86CEF17B23653F216FE85F377255C7
                                        SHA-256:6A6899D8E5D45EDCE1A1DB004625B52017D55B965106CF4634B1933606D05D51
                                        SHA-512:7DB956F650DEAB361ABF403AB46A287DFA7E98DD9026A355227B077769E2A44CE7131A0C3ABDAE44015EB01CE369B981CF9B7E50CD9C509003124E5F0AE86D47
                                        Malicious:false
                                        Reputation:unknown
                                        Preview:...................................FL..................F.@.. ....G...b....H..b.......b..8...G.....................:..DG..Yr?.D..U..k0.&...&.........{4...E.%..b.......b......t...CFSF..1.....FW.H..AppData...t.Y^...H.g.3..(.....gVA.G..k...@......FW.H)Z...............................A.p.p.D.a.t.a...B.V.1.....)Z...Roaming.@......FW.H)Z...........................y-z.R.o.a.m.i.n.g.....N.1.....)Z....Zoom..:......)Z.)Z............................s...Z.o.o.m.....J.1.....)Z....bin.8......)Z.)Z...........................y...b.i.n.....Z.2.8...)Z. .Zoom.exe..B......)Z.)Z...............................Z.o.o.m...e.x.e.......^...............-.......]...........8zM......C:\Users\user\AppData\Roaming\Zoom\bin\Zoom.exe....S.c.r.e.e.n.s.h.o.t...-.-.i.n.i.t.p.a.r.a.m.=.s.c.r.e.e.n.s.h.o.t.2.C.:.\.U.s.e.r.s.\.c.a.l.i.\.A.p.p.D.a.t.a.\.R.o.a.m.i.n.g.\.Z.o.o.m.\.b.i.n.\.z.W.i.n.R.e.s...d.l.l.........%APPDATA%\Zoom\bin\zWinRes.dll..................................................................

                                        C:\Users\user\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\I3C19IEW8JDUVXNE1DGC.temp

                                        Download File
                                        Process:C:\Users\user\AppData\Roaming\Zoom\bin\Zoom.exe
                                        File Type:data
                                        Category:dropped
                                        Size (bytes):3850
                                        Entropy (8bit):3.4846954945485553
                                        Encrypted:false
                                        SSDEEP:
                                        MD5:0EA37C6B443386DD0C7DBE61A55C3420
                                        SHA1:0CA1ADFFE56B41EBA65D4DBD451D7605398D4965
                                        SHA-256:CB0B4CEA567AB5395BA79D4DA895173B59BCF268F32F3C4A39549B9C8E26B3A3
                                        SHA-512:808EEC2DCF4BCB6995E37F79AC551F3DACF7F5668848FC049B66D1F0B95169C99988DEA8E0D73DD077D2FD6FE5ADD2E0C9B1920D75390C148C3940BF2DB18150
                                        Malicious:false
                                        Reputation:unknown
                                        Preview:...................................FL..................F.@.. ....G...b......b.......b..8...G.....................:..DG..Yr?.D..U..k0.&...&.........{4...E.%..b.......b......t...CFSF..1.....FW.H..AppData...t.Y^...H.g.3..(.....gVA.G..k...@......FW.H)Z...............................A.p.p.D.a.t.a...B.V.1.....)Z...Roaming.@......FW.H)Z...........................y-z.R.o.a.m.i.n.g.....N.1.....)Z....Zoom..:......)Z.)Z............................(.9.Z.o.o.m.....J.1.....)Z....bin.8......)Z.)Z............................di.b.i.n.....Z.2.8...)Z. .Zoom.exe..B......)Z.)Z...............................Z.o.o.m...e.x.e.......^...............-.......]...........8zM......C:\Users\user\AppData\Roaming\Zoom\bin\Zoom.exe....S.c.r.e.e.n.s.h.o.t...-.-.i.n.i.t.p.a.r.a.m.=.s.c.r.e.e.n.s.h.o.t.2.C.:.\.U.s.e.r.s.\.c.a.l.i.\.A.p.p.D.a.t.a.\.R.o.a.m.i.n.g.\.Z.o.o.m.\.b.i.n.\.z.W.i.n.R.e.s...d.l.l.........%APPDATA%\Zoom\bin\zWinRes.dll..................................................................

                                        C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Docs.lnk

                                        Download File
                                        Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                        File Type:MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Thu Jan 9 22:46:27 2025, atime=Wed Sep 27 04:28:28 2023, length=1210144, window=hide
                                        Category:dropped
                                        Size (bytes):2673
                                        Entropy (8bit):3.991439298874476
                                        Encrypted:false
                                        SSDEEP:
                                        MD5:8A6D6CE82339F5C55EE5F307B2CC795A
                                        SHA1:BA4AC59A03D877F86E82B7009CCD84F938CA5020
                                        SHA-256:3B419D37799293B2BDA298EBCB1A8B070B944AC7C2789ABC79F2AE89A9339EF1
                                        SHA-512:1CDFC0CB01E3C4BC7BADB51600548004976EB0F45B87A0466BF9EF5C07ABA8A8A7186FA792AE1D0BEEB15CB2D3D0A411B17481A71957CA50EF6D4CA3141AEEC0
                                        Malicious:false
                                        Reputation:unknown
                                        Preview:L..................F.@.. ...$+.,....FR9..b..N.Yr.... w......................1....P.O. .:i.....+00.../C:\.....................1.....FW.J..PROGRA~1..t......O.I)Z.....B...............J.........P.r.o.g.r.a.m. .F.i.l.e.s...@.s.h.e.l.l.3.2...d.l.l.,.-.2.1.7.8.1.....T.1.....CW.V..Google..>......CW.V)Z.....L.....................p+j.G.o.o.g.l.e.....T.1.....CW.V..Chrome..>......CW.V)Z.....M......................8..C.h.r.o.m.e.....`.1.....CW.V..APPLIC~1..H......CW.V)Z............................"&.A.p.p.l.i.c.a.t.i.o.n.....n.2. w..;W.+ .CHROME~1.EXE..R......CW.V)Z............................H..c.h.r.o.m.e._.p.r.o.x.y...e.x.e.......j...............-.......i...........8zM......C:\Program Files\Google\Chrome\Application\chrome_proxy.exe..S.....\.....\.....\.....\.....\.....\.....\.....\.....\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.\.c.h.r.o.m.e._.p.r.o.x.y...e.x.e.*.C.:.\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.F

                                        C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Gmail.lnk

                                        Download File
                                        Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                        File Type:MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Thu Jan 9 22:46:27 2025, atime=Wed Sep 27 04:28:28 2023, length=1210144, window=hide
                                        Category:dropped
                                        Size (bytes):2675
                                        Entropy (8bit):4.008916915153358
                                        Encrypted:false
                                        SSDEEP:
                                        MD5:E60A11ECC2B84D43FFE2EE059A2A614F
                                        SHA1:75D1DCE74205CCCB8D4DDFB705D605E189D4566A
                                        SHA-256:D29AD1A968856203DAD24B251321C93AD66DC3E307C1B11657F5B84BB311A4D9
                                        SHA-512:2C9FAF9C8D7812741A45AE50D69838378BF7BEC0A6B4CF68FB7D027B3FB79FC2633CC64B93B6AE0CF5B0E3AB302B8EEA0C3BE9F5A897209EE35C5007DEB717FC
                                        Malicious:false
                                        Reputation:unknown
                                        Preview:L..................F.@.. ...$+.,....|H+..b..N.Yr.... w......................1....P.O. .:i.....+00.../C:\.....................1.....FW.J..PROGRA~1..t......O.I)Z.....B...............J.........P.r.o.g.r.a.m. .F.i.l.e.s...@.s.h.e.l.l.3.2...d.l.l.,.-.2.1.7.8.1.....T.1.....CW.V..Google..>......CW.V)Z.....L.....................p+j.G.o.o.g.l.e.....T.1.....CW.V..Chrome..>......CW.V)Z.....M......................8..C.h.r.o.m.e.....`.1.....CW.V..APPLIC~1..H......CW.V)Z............................"&.A.p.p.l.i.c.a.t.i.o.n.....n.2. w..;W.+ .CHROME~1.EXE..R......CW.V)Z............................H..c.h.r.o.m.e._.p.r.o.x.y...e.x.e.......j...............-.......i...........8zM......C:\Program Files\Google\Chrome\Application\chrome_proxy.exe..S.....\.....\.....\.....\.....\.....\.....\.....\.....\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.\.c.h.r.o.m.e._.p.r.o.x.y...e.x.e.*.C.:.\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.F

                                        C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Google Drive.lnk

                                        Download File
                                        Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                        File Type:MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Fri Oct 6 08:05:01 2023, atime=Wed Sep 27 04:28:28 2023, length=1210144, window=hide
                                        Category:dropped
                                        Size (bytes):2689
                                        Entropy (8bit):4.017569916844104
                                        Encrypted:false
                                        SSDEEP:
                                        MD5:BB318564417AFF5A5256D67D223571EC
                                        SHA1:F05C6165ACB4F215A7D26CB606BE802691D92B42
                                        SHA-256:278ECFD7F709A36F8248548A2BE67CA00A9FF8B71B6CD82796DBB41E9B60421E
                                        SHA-512:2703977ED948A9FA2C3A5CB3236375CF7E44D5A9C662CC0C07CF4892D11E53A9AD7682E04CCE89AE0E8BA5706F98D02A47535F06FCBAF7DC00EC973ADF04B1EA
                                        Malicious:false
                                        Reputation:unknown
                                        Preview:L..................F.@.. ...$+.,.....Y.04...N.Yr.... w......................1....P.O. .:i.....+00.../C:\.....................1.....FW.J..PROGRA~1..t......O.I)Z.....B...............J.........P.r.o.g.r.a.m. .F.i.l.e.s...@.s.h.e.l.l.3.2...d.l.l.,.-.2.1.7.8.1.....T.1.....CW.V..Google..>......CW.V)Z.....L.....................p+j.G.o.o.g.l.e.....T.1.....CW.V..Chrome..>......CW.V)Z.....M......................8..C.h.r.o.m.e.....`.1.....CW.V..APPLIC~1..H......CW.V)Z............................"&.A.p.p.l.i.c.a.t.i.o.n.....n.2. w..;W.+ .CHROME~1.EXE..R......CW.VFW.E...........................H..c.h.r.o.m.e._.p.r.o.x.y...e.x.e.......j...............-.......i...........8zM......C:\Program Files\Google\Chrome\Application\chrome_proxy.exe..S.....\.....\.....\.....\.....\.....\.....\.....\.....\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.\.c.h.r.o.m.e._.p.r.o.x.y...e.x.e.*.C.:.\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.F

                                        C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Sheets.lnk

                                        Download File
                                        Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                        File Type:MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Thu Jan 9 22:46:27 2025, atime=Wed Sep 27 04:28:28 2023, length=1210144, window=hide
                                        Category:dropped
                                        Size (bytes):2677
                                        Entropy (8bit):4.009868839262807
                                        Encrypted:false
                                        SSDEEP:
                                        MD5:B01BEF21945CADD6183C33A32148410F
                                        SHA1:9B0D2780C365FEDE531889616EDD203978D733BE
                                        SHA-256:7E1F43D5C25455816EED70EF321233ECB9E61EDB98540E689D1D4FD7017EAFF2
                                        SHA-512:C5A486CD9D5A065C71859A2BF8AE9778A37B016F122DD5C4109A2349D52D4A931CB221C7BEDF274BD2908FA635F2779E73C575796ED2F59825B8A23FD838374E
                                        Malicious:false
                                        Reputation:unknown
                                        Preview:L..................F.@.. ...$+.,......#..b..N.Yr.... w......................1....P.O. .:i.....+00.../C:\.....................1.....FW.J..PROGRA~1..t......O.I)Z.....B...............J.........P.r.o.g.r.a.m. .F.i.l.e.s...@.s.h.e.l.l.3.2...d.l.l.,.-.2.1.7.8.1.....T.1.....CW.V..Google..>......CW.V)Z.....L.....................p+j.G.o.o.g.l.e.....T.1.....CW.V..Chrome..>......CW.V)Z.....M......................8..C.h.r.o.m.e.....`.1.....CW.V..APPLIC~1..H......CW.V)Z............................"&.A.p.p.l.i.c.a.t.i.o.n.....n.2. w..;W.+ .CHROME~1.EXE..R......CW.V)Z............................H..c.h.r.o.m.e._.p.r.o.x.y...e.x.e.......j...............-.......i...........8zM......C:\Program Files\Google\Chrome\Application\chrome_proxy.exe..S.....\.....\.....\.....\.....\.....\.....\.....\.....\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.\.c.h.r.o.m.e._.p.r.o.x.y...e.x.e.*.C.:.\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.F

                                        C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Slides.lnk

                                        Download File
                                        Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                        File Type:MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Thu Jan 9 22:46:27 2025, atime=Wed Sep 27 04:28:28 2023, length=1210144, window=hide
                                        Category:dropped
                                        Size (bytes):2677
                                        Entropy (8bit):3.9932934126697646
                                        Encrypted:false
                                        SSDEEP:
                                        MD5:62E0D9AB08F5A5ED7F3E35AB2C91E4ED
                                        SHA1:C49D292312549E30C443640E65647D8B716A04C5
                                        SHA-256:C108627C5AA9541542F3DBB84F14835B00B6EA24F4FE45EBA3B41CB5223570E1
                                        SHA-512:E5C46DB8C711D25AF1A6A74E47E742D4D280F986AF26BDAF2C8AD531D1F6B8628444333D6120A9054B4F6885BB1CCC21EE85C642B35DAD46603F9E96586A17FB
                                        Malicious:false
                                        Reputation:unknown
                                        Preview:L..................F.@.. ...$+.,....Pt2..b..N.Yr.... w......................1....P.O. .:i.....+00.../C:\.....................1.....FW.J..PROGRA~1..t......O.I)Z.....B...............J.........P.r.o.g.r.a.m. .F.i.l.e.s...@.s.h.e.l.l.3.2...d.l.l.,.-.2.1.7.8.1.....T.1.....CW.V..Google..>......CW.V)Z.....L.....................p+j.G.o.o.g.l.e.....T.1.....CW.V..Chrome..>......CW.V)Z.....M......................8..C.h.r.o.m.e.....`.1.....CW.V..APPLIC~1..H......CW.V)Z............................"&.A.p.p.l.i.c.a.t.i.o.n.....n.2. w..;W.+ .CHROME~1.EXE..R......CW.V)Z............................H..c.h.r.o.m.e._.p.r.o.x.y...e.x.e.......j...............-.......i...........8zM......C:\Program Files\Google\Chrome\Application\chrome_proxy.exe..S.....\.....\.....\.....\.....\.....\.....\.....\.....\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.\.c.h.r.o.m.e._.p.r.o.x.y...e.x.e.*.C.:.\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.F

                                        C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\YouTube.lnk

                                        Download File
                                        Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                        File Type:MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Thu Jan 9 22:46:27 2025, atime=Wed Sep 27 04:28:28 2023, length=1210144, window=hide
                                        Category:dropped
                                        Size (bytes):2679
                                        Entropy (8bit):4.005709776278355
                                        Encrypted:false
                                        SSDEEP:
                                        MD5:E3F5056ECA7B640736D72A6EBEE80B37
                                        SHA1:7075C9B46FE90FA12F0FFCD3B8D54CF021E91456
                                        SHA-256:130052D471FE9268227A05C776E553F8E9AA3DF53ADE5224DB8D42D9E04A7385
                                        SHA-512:B3916D31350FD08921E2F2020EE138AA1275EE5D0E4B65A0457F2DB0BA09CB4E6A6EF27594D03CE7498C9A9E272D81C49F7B564668EF103E194731808D9C9928
                                        Malicious:false
                                        Reputation:unknown
                                        Preview:L..................F.@.. ...$+.,....+ ...b..N.Yr.... w......................1....P.O. .:i.....+00.../C:\.....................1.....FW.J..PROGRA~1..t......O.I)Z.....B...............J.........P.r.o.g.r.a.m. .F.i.l.e.s...@.s.h.e.l.l.3.2...d.l.l.,.-.2.1.7.8.1.....T.1.....CW.V..Google..>......CW.V)Z.....L.....................p+j.G.o.o.g.l.e.....T.1.....CW.V..Chrome..>......CW.V)Z.....M......................8..C.h.r.o.m.e.....`.1.....CW.V..APPLIC~1..H......CW.V)Z............................"&.A.p.p.l.i.c.a.t.i.o.n.....n.2. w..;W.+ .CHROME~1.EXE..R......CW.V)Z............................H..c.h.r.o.m.e._.p.r.o.x.y...e.x.e.......j...............-.......i...........8zM......C:\Program Files\Google\Chrome\Application\chrome_proxy.exe..S.....\.....\.....\.....\.....\.....\.....\.....\.....\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.\.c.h.r.o.m.e._.p.r.o.x.y...e.x.e.*.C.:.\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.F

                                        C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Zoom\Uninstall Zoom Workplace.lnk

                                        Download File
                                        Process:C:\Users\user\AppData\Roaming\Zoom\ZoomDownload\Installer.exe
                                        File Type:MS Windows shortcut, Item id list present, Points to a file or directory, Has Description string, Has Relative path, Has command line arguments, Icon number=0, Archive, ctime=Thu Jan 9 22:47:47 2025, mtime=Thu Jan 9 22:47:47 2025, atime=Thu Jan 9 22:46:43 2025, length=1099064, window=hide
                                        Category:dropped
                                        Size (bytes):1946
                                        Entropy (8bit):3.4311427576141633
                                        Encrypted:false
                                        SSDEEP:
                                        MD5:F285BB4990AA5AF7D95E97DEB2B3CAD5
                                        SHA1:7D5395C0BBD5573441FEA2A464184BF4D2EFF409
                                        SHA-256:D4C9484049DA4B6130EC325FD537A2DF5125768770DA440AA4FCCB3A4FCDCB28
                                        SHA-512:4F9E691B7B228AFAE460DCC7CAAA77BEC14B2C72E46268721EFBE1AFD501790E65670D8F5441A57B0C7094BEBFC92187718BC2DE45807D7A55B5377636E61BFE
                                        Malicious:false
                                        Reputation:unknown
                                        Preview:L..................F.@.. ...h@#..b...g#..b...9...b..8.......................&.:..DG..Yr?.D..U..k0.&...&.........{4...E.%..b.......b......t...CFSF..1.....FW.H..AppData...t.Y^...H.g.3..(.....gVA.G..k...@......FW.H)Z...............................A.p.p.D.a.t.a...B.V.1.....)Z...Roaming.@......FW.H)Z...........................y-z.R.o.a.m.i.n.g.....N.1.....)Z....Zoom..:......)Z.)Z................................Z.o.o.m.....\.1.....)Z....UNINST~1..D......)Z.)Z............................i..u.n.i.n.s.t.a.l.l.....h.2.8...)Z. .INSTAL~1.EXE..L......)Z..)Z......~.....................6.[.I.n.s.t.a.l.l.e.r...e.x.e.......i...............-.......h...........8zM......C:\Users\user\AppData\Roaming\Zoom\uninstall\Installer.exe....U.n.i.n.s.t.a.l.l. .Z.o.o.m. .W.o.r.k.p.l.a.c.e.+.....\.....\.....\.....\.....\.Z.o.o.m.\.u.n.i.n.s.t.a.l.l.\.I.n.s.t.a.l.l.e.r...e.x.e.../.u.n.i.n.s.t.a.l.l./.C.:.\.U.s.e.r.s.\.c.a.l.i.\.A.p.p.D.a.t.a.\.R.o.a.m.i.n.g.\.Z.o.o.m.\.b.i.n.\.Z.o.o.m...e.x.e.........%AP

                                        C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Zoom\Zoom Workplace.lnk

                                        Download File
                                        Process:C:\Users\user\AppData\Roaming\Zoom\ZoomDownload\Installer.exe
                                        File Type:MS Windows shortcut, Item id list present, Points to a file or directory, Has Description string, Has Relative path, Icon number=0, Archive, ctime=Thu Jan 9 22:47:32 2025, mtime=Thu Jan 9 22:47:32 2025, atime=Thu Jan 9 22:47:21 2025, length=434488, window=hide
                                        Category:dropped
                                        Size (bytes):1928
                                        Entropy (8bit):3.4090540422969258
                                        Encrypted:false
                                        SSDEEP:
                                        MD5:4936A82C557A81803938F31F57B87584
                                        SHA1:0FEB6F8EEA50E4F722DB39890995A858C6BE00AA
                                        SHA-256:63B779238AB2554843CDB8A4F39892619F50535ECABD4C0FBE0E627FF579DCE0
                                        SHA-512:1EDEF254D74FC0759C0131F2CD911A1169A4B09572E2208764125E559A79F0A09015A2AFAB1A7D3E65EEF820A23426C4B4EDE5F5D81E8C974CDF1AB39DA40699
                                        Malicious:false
                                        Reputation:unknown
                                        Preview:L..................F.@.. ....G...b...o...b.......b..8.........................:..DG..Yr?.D..U..k0.&...&.........{4...E.%..b.......b......t...CFSF..1.....FW.H..AppData...t.Y^...H.g.3..(.....gVA.G..k...@......FW.H)Z...............................A.p.p.D.a.t.a...B.V.1.....)Z...Roaming.@......FW.H)Z...........................y-z.R.o.a.m.i.n.g.....N.1.....)Z....Zoom..:......)Z.)Z................................Z.o.o.m.....J.1.....)Z....bin.8......)Z.)Z............................di.b.i.n.....Z.2.8...)Z. .Zoom.exe..B......)Z.)Z...............................Z.o.o.m...e.x.e.......^...............-.......]...........8zM......C:\Users\user\AppData\Roaming\Zoom\bin\Zoom.exe....Z.o.o.m. .U.M.X. .....\.....\.....\.....\.....\.Z.o.o.m.\.b.i.n.\.Z.o.o.m...e.x.e./.C.:.\.U.s.e.r.s.\.c.a.l.i.\.A.p.p.D.a.t.a.\.R.o.a.m.i.n.g.\.Z.o.o.m.\.b.i.n.\.Z.o.o.m...e.x.e.........%APPDATA%\Zoom\bin\Zoom.exe...............................................................................................

                                        C:\Users\user\AppData\Roaming\Zoom\ZoomDownload\Installer.exe

                                        Download File
                                        Process:C:\Users\user\Downloads\Zoom_cm_fotiZ9vvrZo4_mJGohcJr5Wi4nh-+oH9qDAdNxPgV4bAl8sJE@Ya299Uo3BvkVZYb-_ke7c3d59090895be7_.exe
                                        File Type:PE32+ executable (GUI) x86-64, for MS Windows
                                        Category:dropped
                                        Size (bytes):1099064
                                        Entropy (8bit):6.36899126559305
                                        Encrypted:false
                                        SSDEEP:
                                        MD5:D143FF2D8254FDA992D42B9275374306
                                        SHA1:EF125319B7F2F02BE3769E83C0A9B3038B21A207
                                        SHA-256:002F842029AD9D643DF9583DE0D814DE3205A40C577B0AD424A8165F2BB36A12
                                        SHA-512:A3E93FFB1250CF066981648A5D97B4281DA76E7CF4D0BE71C39515D9283C027912A9E35EB066B7A7B057367D5FA64A39E5D3109DBFFB11C570278CE4A99DC7F1
                                        Malicious:false
                                        Antivirus:
                                        • Antivirus: ReversingLabs, Detection: 0%
                                        Reputation:unknown
                                        Preview:MZ......................@................................... ...........!..L.!This program cannot be run in DOS mode....$..........NK...K...K......H......^...K..."...-.}.I.............X......A......]......F.............~.......J...K...J......J...RichK...........................PE..d...h.wg.........."............................@............................. ......Sa....`.................................................x........ ..8.......Lb...f..8_......8.......T.......................(...P...8............ ..........`....................text...~........................... ..`.rdata....... ......................@..@.data....|......."..................@....pdata..Lb.......d..................@..@.didat..8............z..............@..._RDATA...............|..............@..@.rsrc...8.... .......~..............@..@.reloc..8............T..............@..B................................................................................................................................

                                        C:\Users\user\AppData\Roaming\Zoom\ZoomDownload\Zoom.msi

                                        Download File
                                        Process:C:\Users\user\Downloads\Zoom_cm_fotiZ9vvrZo4_mJGohcJr5Wi4nh-+oH9qDAdNxPgV4bAl8sJE@Ya299Uo3BvkVZYb-_ke7c3d59090895be7_.exe
                                        File Type:7-zip archive data, version 0.4
                                        Category:modified
                                        Size (bytes):41646591
                                        Entropy (8bit):7.999987764406131
                                        Encrypted:true
                                        SSDEEP:
                                        MD5:1A7475695A5589A2A90A91F4B8F10EF5
                                        SHA1:E20BE7501FDC27CA6439E58BE1A3628C083E6C5A
                                        SHA-256:C7251851AAF1C956F2C2E00DB360BA8003D5B3CCDCDE54639AB54C0ECA92E7EA
                                        SHA-512:EA37333B66E173BD36976EF454E502D8621CDFECD0B78D7A1E64A289E2D38943D340B0553665ADC2DC442F023E22729830ACAFB82C4051A6BC72E438F6161A34
                                        Malicious:false
                                        Reputation:unknown
                                        Preview:7z..'....4...y{.....%............A..]...F..\K!.RpC.&>.I.q.`..eX../..#..7.pn9.....x.;..:).V3.F..M..7$'..la.cT....X.{.fY..........._o.}.+]6..^....-...=ACY-"..a.......At...C..eV3/9e..:~u....n|~..^\B.....F....3.....}.-.."....[.].l.P.&.)yn.q;..y=......y4E.JM.B..S@... ...H...f...$V....k........hi....6....8A..w ..fw....`).C...J.7.]....+..u....s..0ZtU...m.........0.V.St...)......^...%.r.r8..&i...~..:A.Pp..@....E....x~<s...*c.}=..tNN.{..:,m.!A.sCY.c...v.C...v|bo...a.f..U%.B.....b]%.=.(.D.....=.V......D5.{'..8W...U.<.X.bF...-....9.......7.z..cQ........]....'K..h..+.r.~ .\AUC>...`....~...MY............W....4..;.U,.h...^.=..}.Kr..l....}.*S(,.......}..9...I..{..P7n......-..o...Q......a....6.u....@8&,.;]S.e.!..t.f._.a5..........|......R4...../Ys.lJv.yP[.+0....=....Hd...Z..3.........0'eS.J..E..$.].7j.Z...9.0.3...Q]dL..?c..N q....i.p7..........&4.........8n.e..P.Z..<....B.`.....#6.....kE9.j....6....K.....1..%'...-H.B4.|YV/..n%.G..T\(6F@..@..5..d

                                        C:\Users\user\AppData\Roaming\Zoom\bin\avformat_zm-59.dll

                                        Download File
                                        Process:C:\Users\user\AppData\Roaming\Zoom\bin\Zoom.exe
                                        File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                        Category:dropped
                                        Size (bytes):630072
                                        Entropy (8bit):5.730159358482059
                                        Encrypted:false
                                        SSDEEP:
                                        MD5:74FE577F64F52FB9DFA535097D18F856
                                        SHA1:C8D068FBFC4AC377CA2290C2E87A3BE7654BC299
                                        SHA-256:DED4C16B0C91E2EF79E262F5C2D3A6AE00FC69B365AF1E2C1E1B47F10ACBAEBE
                                        SHA-512:9DA68FDD294325C9209F40E09FC46DB35C2841782460342A0EAEE6BB7C0013D9C2D4ADEC3E994C20299FDBAABCBFBE50A485975384B3F9B7CF11568B423A923F
                                        Malicious:false
                                        Reputation:unknown
                                        Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$............{...{...{.....{..z...{.....{..~...{......{..x...{..z...{.M.z...{...z...{.M.....{.M.{...{.M.....{.M.y...{.Rich..{.................PE..d...?.*g.........." .....`..........................................................fv....`A........................................................`..&........C...>..8_...p..........8...............................8............................................text...D^.......`.................. ..`.rdata...-...p.......d..............@..@.data...............................@....pdata...K.......L..................@..@.idata...7.......8..................@..@.gfids..@....@......................@..@.00cfg..Q....P......."..............@..@.rsrc...&....`.......$..............@..@.reloc..c....p.......,..............@..B........................................................................................................

                                        C:\Users\user\AppData\Roaming\Zoom\bin\language\zLang_de.dll

                                        Download File
                                        Process:C:\Users\user\AppData\Roaming\Zoom\bin\Zoom.exe
                                        File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                        Category:dropped
                                        Size (bytes):886584
                                        Entropy (8bit):5.3882456285311395
                                        Encrypted:false
                                        SSDEEP:
                                        MD5:938D1F4B6AAC67D23B4B7BC7EA2E577F
                                        SHA1:676FD73B7722C11D05BDE9608B34563ECDECFC71
                                        SHA-256:42FE735D3A92BF69FC10E774832FF73167C4AAD1591DC1903C2A1EF961BC11D0
                                        SHA-512:F6D1678402A6C2524AB4AA282D0519463353A2C66FC78CF5878163AD91A75CD34A99628455E9A054627ACF488C06C97CE8D0F453AD7A53CD04D65A457089476F
                                        Malicious:false
                                        Reputation:unknown
                                        Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$..........L..L..L..E.D.N.....O.....E.....D.....O.....N..L..m.....O....(.M..L.@.N.....M..RichL..........................PE..d....wg.........." ................`........................................p............`A.................................................(..P....P.......@.......(..8_...`..(....!..p............................"..8............ ...............................text............................... ..`.rdata....... ......................@..@.data...H....0......................@....pdata.......@....... ..............@..@.rsrc........P......."..............@..@.reloc..(....`.......&..............@..B........................................................................................................................................................................................................................................

                                        C:\Users\user\AppData\Roaming\Zoom\bin\language\zLang_es.dll

                                        Download File
                                        Process:C:\Users\user\AppData\Roaming\Zoom\bin\Zoom.exe
                                        File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                        Category:dropped
                                        Size (bytes):878392
                                        Entropy (8bit):5.2948754036262535
                                        Encrypted:false
                                        SSDEEP:
                                        MD5:D02A42EBAA115C4BCED5DC1618898C0D
                                        SHA1:5A4F99A0354EC6C8E7737E2B319E787E83048DD1
                                        SHA-256:C2E0160D813D6B2F63B8A0309BF783D4C85E62F301CBFED9ED0625E08C63272E
                                        SHA-512:B9A7A06D786CCC4AC3CDF8473D443459CB1DCAA8EC891FD5C9352BB594C736B33AD361D6982B78A2DF79B1FB2F3A931B7E2B245E0C96EE3FC6A2EA9DC6FD84D6
                                        Malicious:false
                                        Reputation:unknown
                                        Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$..........L..L..L..E.D.N.....O.....E.....D.....O.....N..L..m.....O....(.M..L.@.N.....M..RichL..........................PE..d....wg.........." ................`........................................P............`A.................................................(..P....P.......@..........8_...@..(....!..p............................"..8............ ...............................text............................... ..`.rdata....... ......................@..@.data...H....0......................@....pdata.......@....... ..............@..@.rsrc........P......."..............@..@.reloc..(....@......................@..B........................................................................................................................................................................................................................................

                                        C:\Users\user\AppData\Roaming\Zoom\bin\language\zLang_fr.dll

                                        Download File
                                        Process:C:\Users\user\AppData\Roaming\Zoom\bin\Zoom.exe
                                        File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                        Category:dropped
                                        Size (bytes):923448
                                        Entropy (8bit):5.356566671121191
                                        Encrypted:false
                                        SSDEEP:
                                        MD5:B1E5AF9DD242FE1968A2C6A4618EB125
                                        SHA1:5F3FF849F961223C9514DA7308206D9BC608F04D
                                        SHA-256:81F65882D8208874E1CE6DEC3DDC0F99AC5A4826C6FA5EC67D05F1BFC18A4F8B
                                        SHA-512:07C2A259B7CA2971A8BD4130B60B0111C8319E4914FAD88709FFF3503395734BCF4BAF44B121D347CD45CE422166B6283808CD41FE19A8913EEEB11BA56F14BD
                                        Malicious:false
                                        Reputation:unknown
                                        Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$..........L..L..L..E.D.N.....O.....E.....D.....O.....N..L..m.....O....(.M..L.@.N.....M..RichL..........................PE..d....wg.........." ................`................................................w....`A.................................................(..P....P.......@..........8_......(....!..p............................"..8............ ...............................text............................... ..`.rdata....... ......................@..@.data...H....0......................@....pdata.......@....... ..............@..@.rsrc........P......."..............@..@.reloc..(...........................@..B........................................................................................................................................................................................................................................

                                        C:\Users\user\AppData\Roaming\Zoom\bin\language\zLang_id.dll

                                        Download File
                                        Process:C:\Users\user\AppData\Roaming\Zoom\bin\Zoom.exe
                                        File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                        Category:dropped
                                        Size (bytes):805688
                                        Entropy (8bit):5.281250972531714
                                        Encrypted:false
                                        SSDEEP:
                                        MD5:C48A9EC5106DA064056B3C5B23E672A1
                                        SHA1:A03311D7FA52B5A8842375FB8CEA08C4ACB0B079
                                        SHA-256:ECE746BE07DDF8132494E67BBE3C20996D141A8E8550BD1BE3B2A7F0E5EC96BD
                                        SHA-512:4EF946F0E32EA675FD1A9079D6188D15CAF79E66ECC4D7EC774A35FBEDD575DA0AD859A9CC2F4FD0A86860F3966ED182EF52262BBA32DBCB4CF5515C6D5042A1
                                        Malicious:false
                                        Reputation:unknown
                                        Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$..........L..L..L..E.D.N.....O.....E.....D.....O.....N..L..m.....O....(.M..L.@.N.....M..RichL..........................PE..d....wg.........." ................`........................................0............`A.................................................(..P....P.......@..........8_... ..(....!..p............................"..8............ ...............................text............................... ..`.rdata....... ......................@..@.data...H....0......................@....pdata.......@....... ..............@..@.rsrc........P......."..............@..@.reloc..(.... ......................@..B........................................................................................................................................................................................................................................

                                        C:\Users\user\AppData\Roaming\Zoom\bin\language\zLang_it.dll

                                        Download File
                                        Process:C:\Users\user\AppData\Roaming\Zoom\bin\Zoom.exe
                                        File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                        Category:dropped
                                        Size (bytes):861496
                                        Entropy (8bit):5.268240061859756
                                        Encrypted:false
                                        SSDEEP:
                                        MD5:E4E90700DD69E7EC5A0C9D01682D203C
                                        SHA1:0377BD22CE88FC9BECCD02E579BD6EE99F84E9BD
                                        SHA-256:7C106F0A810900926374A06BD307CBA96796E073ABDCE290ACC13C4448348207
                                        SHA-512:43EC814BD478D8247F166DDB041D17BBA8B96FA0C6029183F9FB85469F324E5F72B3BC7C1B14D8E02F2ABD8921FD1EEDC900D73304CCF62A08776300C9513508
                                        Malicious:false
                                        Reputation:unknown
                                        Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$..........L..L..L..E.D.N.....O.....E.....D.....O.....N..L..m.....O....(.M..L.@.N.....M..RichL..........................PE..d....wg.........." ................`................................................q....`A.................................................(..P....P..X....@..........8_......(....!..p............................"..8............ ...............................text............................... ..`.rdata....... ......................@..@.data...H....0......................@....pdata.......@....... ..............@..@.rsrc...X....P......."..............@..@.reloc..(...........................@..B........................................................................................................................................................................................................................................

                                        C:\Users\user\AppData\Roaming\Zoom\bin\language\zLang_jp.dll

                                        Download File
                                        Process:C:\Users\user\AppData\Roaming\Zoom\bin\Zoom.exe
                                        File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                        Category:dropped
                                        Size (bytes):1057592
                                        Entropy (8bit):5.698758533018317
                                        Encrypted:false
                                        SSDEEP:
                                        MD5:7EA3EACD4243264A7E09270223650B5E
                                        SHA1:B082E44FEBDD3FD96DD3584654EF6BB2D80693E0
                                        SHA-256:6E1132633224572F677AB6664955690FDA87BD924D8AA524986A1589839CF63E
                                        SHA-512:7ED561523552F4ADB78208756643BCE413384B7EC165DF317B6D29A42C2B5E90E7FDE5E9BB2CE273C7495B46E03C71FBE3F90369762DFB5B5FEB41DB2B0223FC
                                        Malicious:false
                                        Reputation:unknown
                                        Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$..........L..L..L..E.D.N.....O.....E.....D.....O.....N..L..m.....O....(.M..L.@.N.....M..RichL..........................PE..d....wg.........." ................`...............................................8.....`A.................................................(..P....P..x....@..........8_......(....!..p............................"..8............ ...............................text............................... ..`.rdata....... ......................@..@.data...H....0......................@....pdata.......@....... ..............@..@.rsrc...x....P......."..............@..@.reloc..(...........................@..B........................................................................................................................................................................................................................................

                                        C:\Users\user\AppData\Roaming\Zoom\bin\language\zLang_korean.dll

                                        Download File
                                        Process:C:\Users\user\AppData\Roaming\Zoom\bin\Zoom.exe
                                        File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                        Category:dropped
                                        Size (bytes):891192
                                        Entropy (8bit):5.969403253248616
                                        Encrypted:false
                                        SSDEEP:
                                        MD5:927FE12686CFEDED537C1A127689E437
                                        SHA1:A3E49B8C041A2FAC63FD03C0ADC072965953B5B1
                                        SHA-256:0A3C59CB74725FA29B18B589F3CFBA2E6942B5C12BDA201AA2C887E4C4C36F13
                                        SHA-512:F62C01A5CAEC4EAC926B9613B91EB999EFCAFA8ED4E28AE2695EC528D196E31C8ABC316D8FF2E413F1A43B3E4C795C250EDBE634732A65379E899047247A0795
                                        Malicious:false
                                        Reputation:unknown
                                        Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$..........L..L..L..E.D.N.....O.....E.....D.....O.....N..L..m.....O....(.M..L.@.N.....M..RichL..........................PE..d....wg.........." ................`................................................m....`A.................................................(..P....P..`....@.......:..8_...p..(....!..p............................"..8............ ...............................text............................... ..`.rdata....... ......................@..@.data...H....0......................@....pdata.......@....... ..............@..@.rsrc...`....P......."..............@..@.reloc..(....p.......8..............@..B........................................................................................................................................................................................................................................

                                        C:\Users\user\AppData\Roaming\Zoom\bin\language\zLang_nl.dll

                                        Download File
                                        Process:C:\Users\user\AppData\Roaming\Zoom\bin\Zoom.exe
                                        File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                        Category:dropped
                                        Size (bytes):838968
                                        Entropy (8bit):5.253704187643565
                                        Encrypted:false
                                        SSDEEP:
                                        MD5:D799462FE2179A5308847CE8CE2242EA
                                        SHA1:8EE9FE976C36ED1785F945A6E3F1DD9826A17278
                                        SHA-256:6FE48520D3DBEA1604F1F93E371AA29E8C498045286391E9CF7DC16FF3151BA4
                                        SHA-512:E847747D20C21FA0B68702008E70B32FC161AC39D53FCD936C12F4E2047BC1658812B04F65A59EACDC0E1DF7A93D1E0C228FA4B1730B770770E576562A7B555C
                                        Malicious:false
                                        Reputation:unknown
                                        Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$..........L..L..L..E.D.N.....O.....E.....D.....O.....N..L..m.....O....(.M..L.@.N.....M..RichL..........................PE..d....wg.........." .........b......`...............................................<.....`A.................................................(..P....P..8I...@.......n..8_......(....!..p............................"..8............ ...............................text............................... ..`.rdata....... ......................@..@.data...H....0......................@....pdata.......@....... ..............@..@.rsrc...8I...P...J..."..............@..@.reloc..(............l..............@..B........................................................................................................................................................................................................................................

                                        C:\Users\user\AppData\Roaming\Zoom\bin\language\zLang_pl.dll

                                        Download File
                                        Process:C:\Users\user\AppData\Roaming\Zoom\bin\Zoom.exe
                                        File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                        Category:dropped
                                        Size (bytes):873272
                                        Entropy (8bit):5.643938945207934
                                        Encrypted:false
                                        SSDEEP:
                                        MD5:795690F9E2C1DB44251657ED3EE86C0C
                                        SHA1:2EFECBC712ED44B6CBFF145632B63A4E30D06C2F
                                        SHA-256:0317ECF510B9B067103102D184ED0F781D85B78039EA1F482C5651829FD16CCA
                                        SHA-512:4A0D0DD67281C06F8EB16F24F731D58CA41A04D0C1C3BC486D5719AE83623BD8C6E33DD5F7A1F48B79BFE3A805365E50D8E9ED8AA5B1D509CCD233810FD8A179
                                        Malicious:false
                                        Reputation:unknown
                                        Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$..........L..L..L..E.D.N.....O.....E.....D.....O.....N..L..m.....O....(.M..L.@.N.....M..RichL..........................PE..d....wg.........." ................`........................................0......*S....`A.................................................(..P....P.......@..........8_... ..(....!..p............................"..8............ ...............................text............................... ..`.rdata....... ......................@..@.data...H....0......................@....pdata.......@....... ..............@..@.rsrc........P......."..............@..@.reloc..(.... ......................@..B........................................................................................................................................................................................................................................

                                        C:\Users\user\AppData\Roaming\Zoom\bin\language\zLang_ptg.dll

                                        Download File
                                        Process:C:\Users\user\AppData\Roaming\Zoom\bin\Zoom.exe
                                        File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                        Category:dropped
                                        Size (bytes):865592
                                        Entropy (8bit):5.348027026755354
                                        Encrypted:false
                                        SSDEEP:
                                        MD5:1EF52B2732F947A590A7994A2A086F95
                                        SHA1:1D3655C2FD128E651A2EB7D44B04744BE420FDAB
                                        SHA-256:D789AD6E4C48B9C9731C18A99E40E0C530C99092F7C2FFBB3FCF0F9DB79CAC3E
                                        SHA-512:169984E2329C42B0B088EE8416ABEAB04CBF1336FF753F587EBCA03A9350C4ECF043F81E40DCE9A5255B5EA3CD1D6E3A4FFA12E60A593698F5322E7A3DEB9277
                                        Malicious:false
                                        Reputation:unknown
                                        Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$..........L..L..L..E.D.N.....O.....E.....D.....O.....N..L..m.....O....(.M..L.@.N.....M..RichL..........................PE..d....wg.........." ................`........................................ ............`A.................................................(..P....P......@..........8_......(....!..p............................"..8............ ...............................text............................... ..`.rdata....... ......................@..@.data...H....0......................@....pdata.......@....... ..............@..@.rsrc.......P......."..............@..@.reloc..(...........................@..B........................................................................................................................................................................................................................................

                                        C:\Users\user\AppData\Roaming\Zoom\bin\language\zLang_ru.dll

                                        Download File
                                        Process:C:\Users\user\AppData\Roaming\Zoom\bin\Zoom.exe
                                        File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                        Category:dropped
                                        Size (bytes):1348920
                                        Entropy (8bit):4.92918452930625
                                        Encrypted:false
                                        SSDEEP:
                                        MD5:07E2DDB05C5028F8D32CCD7E025FD57B
                                        SHA1:8730678605360A0096E7B5590374972ACBE95C27
                                        SHA-256:B90EFA70BEA0DFA0464B94698E2352BB381EA371787B2CAD4418EE2AEBA52284
                                        SHA-512:2411753C2E588BDE01CC28C025D76A8C08393E8F33DB6C81342767ADD07AD1B3A176700B58B3FC3A0B218CF88FE94A151A924C0050BBCAFFD613FDFCA3963356
                                        Malicious:false
                                        Reputation:unknown
                                        Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$..........L..L..L..E.D.N.....O.....E.....D.....O.....N..L..m.....O....(.M..L.@.N.....M..RichL..........................PE..d....wg.........." .........*......`.....................................................`A.................................................(..P....P.......@.......6..8_...p..(....!..p............................"..8............ ...............................text............................... ..`.rdata....... ......................@..@.data...H....0......................@....pdata.......@....... ..............@..@.rsrc........P......."..............@..@.reloc..(....p.......4..............@..B........................................................................................................................................................................................................................................

                                        C:\Users\user\AppData\Roaming\Zoom\bin\language\zLang_sv.dll

                                        Download File
                                        Process:C:\Users\user\AppData\Roaming\Zoom\bin\Zoom.exe
                                        File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                        Category:dropped
                                        Size (bytes):811832
                                        Entropy (8bit):5.398627440475327
                                        Encrypted:false
                                        SSDEEP:
                                        MD5:157ADAD39259CB0CFBDB8C757F19167C
                                        SHA1:732FD4A2EF70067765EC037FE913EB1D312A9CE3
                                        SHA-256:E1147EF60E0E87E3277DDD111CD353ABA4C21F5D702668120A5E884C1BA270AA
                                        SHA-512:A464F62751670E302141D2C14E74A11586E1FAA21940FA18361B4D9A187779520A137F9FDB9E5EC1489AA8F0E14F4076FD1135539F99E3D077E2EF0CCB262BA1
                                        Malicious:false
                                        Reputation:unknown
                                        Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$..........L..L..L..E.D.N.....O.....E.....D.....O.....N..L..m.....O....(.M..L.@.N.....M..RichL..........................PE..d....wg.........." ................`........................................@......K.....`A.................................................(..P....P..@....@..........8_...0..(....!..p............................"..8............ ...............................text............................... ..`.rdata....... ......................@..@.data...H....0......................@....pdata.......@....... ..............@..@.rsrc...@....P......."..............@..@.reloc..(....0......................@..B........................................................................................................................................................................................................................................

                                        C:\Users\user\AppData\Roaming\Zoom\bin\language\zLang_tr.dll

                                        Download File
                                        Process:C:\Users\user\AppData\Roaming\Zoom\bin\Zoom.exe
                                        File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                        Category:dropped
                                        Size (bytes):856376
                                        Entropy (8bit):5.567677731290521
                                        Encrypted:false
                                        SSDEEP:
                                        MD5:CEF148CB425F170C94AD8831D61A5DB7
                                        SHA1:F49AB18B0E31A34DC69A2CF74FBF12044654BD8F
                                        SHA-256:9CDD82AF3045F367653DF1B8CEBA6FC014E4C02F2CC64407B7E282CDD820FB77
                                        SHA-512:8BF43AC2E503E342795E48CF5512436697BF271F951390D81DEC5D4E163BDAB355E4C0EE805B3909A1FC2AC74DE826EC17F57362B4C391BC5C4DBDC607035C26
                                        Malicious:false
                                        Reputation:unknown
                                        Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$..........L..L..L..E.D.N.....O.....E.....D.....O.....N..L..m.....O....(.M..L.@.N.....M..RichL..........................PE..d....wg.........." ................`...............................................lU....`A.................................................(..P....P..X....@..........8_......(....!..p............................"..8............ ...............................text............................... ..`.rdata....... ......................@..@.data...H....0......................@....pdata.......@....... ..............@..@.rsrc...X....P......."..............@..@.reloc..(...........................@..B........................................................................................................................................................................................................................................

                                        C:\Users\user\AppData\Roaming\Zoom\bin\language\zLang_vi.dll

                                        Download File
                                        Process:C:\Users\user\AppData\Roaming\Zoom\bin\Zoom.exe
                                        File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                        Category:dropped
                                        Size (bytes):987960
                                        Entropy (8bit):5.745995302244744
                                        Encrypted:false
                                        SSDEEP:
                                        MD5:F07BEA06C0A4D64A7B5A7C0B5B6CD813
                                        SHA1:214F9A8122FB50EC942D397429320FC07A659402
                                        SHA-256:3B950A2572F2EE2586983CD84E4E95C9D2E04EB723BFC9E59F66C3306B0A1538
                                        SHA-512:77C6670565914F1E87ECA4E853FF8BBE255C5F0189BFC95C7F2D499E8E713E61E6EBC437565DA3C38DF6B8BD3B88C96D02719D27830F61A57E1CDEFBC1996F57
                                        Malicious:false
                                        Reputation:unknown
                                        Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$..........L..L..L..E.D.N.....O.....E.....D.....O.....N..L..m.....O....(.M..L.@.N.....M..RichL..........................PE..d....wg.........." ................`.....................................................`A.................................................(..P....P.......@..........8_......(....!..p............................"..8............ ...............................text............................... ..`.rdata....... ......................@..@.data...H....0......................@....pdata.......@....... ..............@..@.rsrc........P......."..............@..@.reloc..(...........................@..B........................................................................................................................................................................................................................................

                                        C:\Users\user\AppData\Roaming\Zoom\bin\language\zLang_zh_cn.dll

                                        Download File
                                        Process:C:\Users\user\AppData\Roaming\Zoom\bin\Zoom.exe
                                        File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                        Category:dropped
                                        Size (bytes):716600
                                        Entropy (8bit):6.448847730533951
                                        Encrypted:false
                                        SSDEEP:
                                        MD5:1BC918693F16C1D72ABE3D1D3F29F17C
                                        SHA1:42716C3667FE34DAE908F3F6B898B1A0DFE940A2
                                        SHA-256:3FE0A94395A94B25A84A0A0117CBCF2BA8BDDDB313851E2E312B2DCB726A2413
                                        SHA-512:82120E41C2930FCBA7032F25344253EFC4BAEDCCA2DFCF3BABC202AE7B8E9C9C44C79C791C1297B1D5723B38937FBCB9E99BC5CCD25972624ACAECDFB80FE460
                                        Malicious:false
                                        Reputation:unknown
                                        Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$..........L..L..L..E.D.N.....O.....E.....D.....O.....N..L..m.....O....(.M..L.@.N.....M..RichL..........................PE..d....wg.........." ................`.....................................................`A.................................................(..P....P...k...@..........8_......(....!..p............................"..8............ ...............................text............................... ..`.rdata....... ......................@..@.data...H....0......................@....pdata.......@....... ..............@..@.rsrc....k...P...l..."..............@..@.reloc..(...........................@..B........................................................................................................................................................................................................................................

                                        C:\Users\user\AppData\Roaming\Zoom\bin\language\zLang_zh_tw.dll

                                        Download File
                                        Process:C:\Users\user\AppData\Roaming\Zoom\bin\Zoom.exe
                                        File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                        Category:dropped
                                        Size (bytes):736056
                                        Entropy (8bit):6.441971660223065
                                        Encrypted:false
                                        SSDEEP:
                                        MD5:7DA98D4367463058FD96BA41D44111B7
                                        SHA1:13820BA80B2B04D19036DB3CAAE4C3ECF18C8CCE
                                        SHA-256:654812875A530C2DCB458C30EC37B7C6BBC28C595B5F0A153A53F41CAE7FF3DD
                                        SHA-512:08550A62918FF45756881CEEE9BEECFABAACC5A18ABE78A2AB88EA8DF4468AD92EAA29AFDEBECD328B0654D0D6941BEBC38A4E6C3A1A219A698932B1CD73CD7C
                                        Malicious:false
                                        Reputation:unknown
                                        Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$..........L..L..L..E.D.N.....O.....E.....D.....O.....N..L..m.....O....(.M..L.@.N.....M..RichL..........................PE..d....wg.........." ................`........................................ ......D.....`A.................................................(..P....P..h....@..........8_......(....!..p............................"..8............ ...............................text............................... ..`.rdata....... ......................@..@.data...H....0......................@....pdata.......@....... ..............@..@.rsrc...h....P......."..............@..@.reloc..(...........................@..B........................................................................................................................................................................................................................................

                                        C:\Users\user\AppData\Roaming\Zoom\bin\swscale_zm-6.dll

                                        Download File
                                        Process:C:\Users\user\AppData\Roaming\Zoom\bin\Zoom.exe
                                        File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                        Category:dropped
                                        Size (bytes):924984
                                        Entropy (8bit):5.975674803249169
                                        Encrypted:false
                                        SSDEEP:
                                        MD5:D1D0ECB39F8A2C66FDDD1DC1ED3A178D
                                        SHA1:30395AED7937AB87B018E7CC16C2E4FAABC3E848
                                        SHA-256:E774233F18F57AC8A5F525F465156FA3DCFDAABFB6ACFE68D3E939E42B33E88F
                                        SHA-512:EAF9F0C9D009A111DFC6A099AF756D5855476BCF07E8E3D3B65BCD43DBE694B54F2D9739AC9C489626E4E48E21F4E105CEC1DC156491CEAF3DCEB5B0191BE85A
                                        Malicious:false
                                        Reputation:unknown
                                        Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.........v.K...K...K...B...O.......I.......I.......G.......C.......H.......H...K.......K...L......._.......J......J.......J...RichK...................PE..d...<.*g.........." .........^...... ...............................................]L....`A.................................................T..x................X......8_......T...tY..8............................Y..8............P...............................text............................... ..`.rdata..@...........................@..@.data.......0......................@....pdata...b.......d..................@..@.idata..9....P.......~..............@..@.gfids..d....p......................@..@.00cfg..Q...........................@..@.rsrc...............................@..@.reloc..............................@..B........................................................................................................

                                        C:\Users\user\AppData\Roaming\Zoom\bin\temp_psapp\avcodec_zm-59.dll

                                        Download File
                                        Process:C:\Users\user\AppData\Roaming\Zoom\bin\Zoom.exe
                                        File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                        Category:dropped
                                        Size (bytes):4379960
                                        Entropy (8bit):5.956593549208914
                                        Encrypted:false
                                        SSDEEP:
                                        MD5:96273A903FFC2199C3FD17F52CCE1303
                                        SHA1:6C2DF7B6881D8F099E1A02535AAA8E5E124E66A8
                                        SHA-256:28A4812665EA6E38B1C3ECC1D1FB2201E8E702F031DE7AAD0C9C1AADEB9D118A
                                        SHA-512:F286E39405EB2E071322397562DA49AAC0D128748E31A2798FE55BEE58B422075B0CA86C678540E8F2B770A830E818850AFEAD05AE816C679A25EB222E094623
                                        Malicious:false
                                        Reputation:unknown
                                        Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.........vn...=...=...=..=...=...<...=...=...=...<...=...<...=...<...=...<...=F..<..=F..<...=...=x..=...=...=F..<)..=F..<...=F..=...=F..<...=Rich...=........PE..d...=.*g.........." ......6..~"...............................................Y.......C...`A.........................................`@......X......0Y......`W......vB.8_...@Y.<....*>.8............................+>.8.............X..............................text....6.......6................. ..`.rdata........6.......6.............@..@.data.........@......n@.............@....pdata..h!...`W.."...~@.............@..@.idata...1....X..2....A.............@..@.gfids..P;....X..<....A.............@..@.00cfg..Q.....Y.......B.............@..@_RDATA..9.... Y.......B.............@..@.rsrc........0Y.......B.............@..@.reloc...Z...@Y..\....B.............@..B........................................................

                                        C:\Users\user\AppData\Roaming\Zoom\bin\temp_psapp\avutil_zm-57.dll

                                        Download File
                                        Process:C:\Users\user\AppData\Roaming\Zoom\bin\Zoom.exe
                                        File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                        Category:dropped
                                        Size (bytes):1056056
                                        Entropy (8bit):5.89127340744854
                                        Encrypted:false
                                        SSDEEP:
                                        MD5:FC51D7DADC9290CA7D9D57A7C1719C5B
                                        SHA1:6645F0851C2D5E09DB6A6630FC83A85804F8CCD8
                                        SHA-256:48F3DE748FE03557257884D94518361AD642662615F381212165E1C99E359640
                                        SHA-512:BC8DB20B1A20E81E0541B400458E73237B769560919849DE19143746700775AEBB0F07545FE1245A7CB22444C1480844516DD2E54BCC1256EEE26EDEC05B8A2B
                                        Malicious:false
                                        Reputation:unknown
                                        Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......R.....~W..~W..~W...W..~WD..V..~Wp..W..~WD.{V..~WD.zV..~WD.}V..~WM..V..~W...W..~W..~W..~W.zVM.~W.~V..~W..W..~W.|V..~WRich..~W........PE..d...;.*g.........." .........(................................................$......s....`A........................................ ...$Q....#.,....@$.......#..K......8_...P$.....$...8...........................`...8.............#..............................text............................... ..`.rdata..D...........................@..@.data....k..........................@....pdata...T....#..V..................@..@.idata...!....#.."...R..............@..@.gfids........$......t..............@..@.00cfg..Q....0$.....................@..@.rsrc........@$.....................@..@.reloc...&...P$..(..................@..B................................................................................................................

                                        C:\Users\user\AppData\Roaming\Zoom\bin\temp_psapp\swresample_zm-4.dll

                                        Download File
                                        Process:C:\Users\user\AppData\Roaming\Zoom\bin\Zoom.exe
                                        File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                        Category:dropped
                                        Size (bytes):222008
                                        Entropy (8bit):5.731202875406446
                                        Encrypted:false
                                        SSDEEP:
                                        MD5:06FE63583516F12E2401A994A1A1BA10
                                        SHA1:CBDF61391FF5F5B1060CB1B4A76AC7C70EF19173
                                        SHA-256:EFFF0DE8122F6F6CF794D1169919A0E69BBD9EABA5F9D9ECB5025AFA451AD195
                                        SHA-512:3513F0770B6C626A0E3FC0E4AD6849399A708971E6736F9F4BBF818B1D7808CB4CB089ACF974F714E5886AD06253FCD2FD2868D20BC6066EC0F28534CDCA6F83
                                        Malicious:false
                                        Reputation:unknown
                                        Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......`./.$.A.$.A.$.A.-.. .A.v.@.&.A...@.&.A.v.D.(.A.v.E.,.A.v.B.'.A..@.'.A.$.@.i.A.$.A.'.A..E.).A..A.%.A...%.A..C.%.A.Rich$.A.................PE..d...<.*g.........." .....2.......... ........................................p......L`....`A............................................a.......x....P..&.......8.......8_...`..8...d...8...............................8............................................text....0.......2.................. ..`.rdata..!....P.......6..............@..@.data...............................@....pdata..............................@..@.idata..............................@..@.gfids.......0......................@..@.00cfg..Q....@......................@..@.rsrc...&....P......................@..@.reloc.......`......................@..B........................................................................................................

                                        C:\Users\user\AppData\Roaming\Zoom\bin\zApp.dll

                                        Download File
                                        Process:C:\Users\user\AppData\Roaming\Zoom\bin\Zoom.exe
                                        File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                        Category:dropped
                                        Size (bytes):2349880
                                        Entropy (8bit):6.394989863450429
                                        Encrypted:false
                                        SSDEEP:
                                        MD5:468F1DE90A3B78D51DEFD079227CE330
                                        SHA1:A8D29A218DFE1112E516BF4B35EBF64347E143BE
                                        SHA-256:FE9FD57B79631E5E0B9C71F5B4E4078DD4A852ADEAB6BB7BB7045C37566FD29F
                                        SHA-512:3327EA29464A0D75262B28055F48FE857F59C1E2BA1B5B3B061087201410CC23B9EB2DB5FCFB5123D11D8A5C110E2873C49E889EDCDA7B215108AD4655BC98D6
                                        Malicious:false
                                        Reputation:unknown
                                        Preview:MZ......................@................................... ...........!..L.!This program cannot be run in DOS mode....$.........................B.............................................p......s..............s.......s.......s.........F.....s.......Rich............................PE..d.....wg.........." ................pN........................................$.......$...`A........................................0. .\..... .......#......."......|#.8_....#..3......p.......................(.......8............ ..0............................text............................... ..`.rdata....... ......................@..@.data........@!......(!.............@....pdata........"......V".............@..@.rsrc.........#......B#.............@..@.reloc...3....#..4...H#.............@..B................................................................................................................................................................................................................

                                        C:\Users\user\AppData\Roaming\Zoom\bin\zAppRes.dll

                                        Download File
                                        Process:C:\Users\user\AppData\Roaming\Zoom\bin\Zoom.exe
                                        File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                        Category:dropped
                                        Size (bytes):644920
                                        Entropy (8bit):6.765216210946507
                                        Encrypted:false
                                        SSDEEP:
                                        MD5:82CA5E4E8C2C106975AA4BDDA1695CAD
                                        SHA1:93F79E7945AB53B9FE8E304C5C476D8F4731A19E
                                        SHA-256:61FD2663186A07C85304BCE0A309FC04E32EB0C25691D45D3CBACE60E18D4C58
                                        SHA-512:945C77D809B45ACEF63E04063946EBD5691198AB6835FCA302A379AD9E2087D15CF0A4C7BA0BB8965D0AD47A408B73429B2A097CD5756676E9AF840A6A9CF484
                                        Malicious:false
                                        Reputation:unknown
                                        Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$...........L...L...L...E.:.N.....O.....E.....D.....O.....N...L...m.....O.....V.M...L.>.M.....M...RichL...................PE..d....wg.........." .........l......`.....................................................`A.................................................(..P....P...R...@.......x..8_......(....!..p............................"..8............ ...............................text............................... ..`.rdata....... ......................@..@.data...H....0......................@....pdata.......@....... ..............@..@.rsrc....R...P...T..."..............@..@.reloc..(............v..............@..B................................................................................................................................................................................................................................................

                                        C:\Users\user\AppData\Roaming\Zoom\bin\zAppUI.dll

                                        Download File
                                        Process:C:\Users\user\AppData\Roaming\Zoom\bin\Zoom.exe
                                        File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                        Category:dropped
                                        Size (bytes):1679160
                                        Entropy (8bit):6.355550836522952
                                        Encrypted:false
                                        SSDEEP:
                                        MD5:CDFEEC43FF600004047791211B63E921
                                        SHA1:7801AA187CF993B02921FAA357ED3411933DD75B
                                        SHA-256:86E28561497B5436857A50036D602EEB7A1CF65BD05513DCFC8D0B79282FED00
                                        SHA-512:3FB417F64841A53C731DD9DEE1772284A9DE1C09C69F6689BD5B0DC60EC679DADE2975D1CC5F4B2AD81C64A0A1AFB6A3F737F951B6768F77878BA880504DB42E
                                        Malicious:false
                                        Reputation:unknown
                                        Preview:MZ......................@...................................(...........!..L.!This program cannot be run in DOS mode....$........................N.................................................................................$.....................".......J.............Rich............PE..d....wg.........." .........@...... .....................................................`A........................................`D..t....D..D.......p.... ..@....@..8_... ..Tk......T.......................(...0...8............0.../...........................text............................... ..`.rdata..>g...0...h..................@..@.data....~.......d..................@....pdata..@.... ......................@..@.rsrc...p...........................@..@.reloc..Tk... ...l..................@..B........................................................................................................................................................................................................

                                        C:\Users\user\AppData\Roaming\Zoom\bin\zAppUISdk.dll

                                        Download File
                                        Process:C:\Users\user\AppData\Roaming\Zoom\bin\Zoom.exe
                                        File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                        Category:dropped
                                        Size (bytes):463672
                                        Entropy (8bit):6.708031383662315
                                        Encrypted:false
                                        SSDEEP:
                                        MD5:AD9C75ABB23C6BB8846DCE407AD3201B
                                        SHA1:D9DDC129E6CCE980F220F1F94AB8689342B5EA6B
                                        SHA-256:1D382F6AD8F2ED00B889D8AB2207B2067ADA90198228F5B3C418961FEA50DB2B
                                        SHA-512:F56FFF1BEA5F441589EDB064617D7CEBA33E749C3FFBA5A5914D0859179F9D442F7378F0AFEAA55C835E62FD66A9CEA1E6515B8CB411863EF3BC9BF8167725D1
                                        Malicious:false
                                        Reputation:unknown
                                        Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......^.....b...b...b......b.H.f...b.H.a...b.H.g...b.H.c...b.A.f...b.A.c...b...c...b...c...b...k...b...b...b.......b.......b...`...b.Rich..b.........PE..d....wg.........." .........,.......s..............................................a.....`A............................................|........................1......8_...........y..T....................{..(....z..8............................................text............................... ..`.rdata..............................@..@.data... ...........................@....pdata...1.......2..................@..@.rsrc...............................@..@.reloc..............................@..B................................................................................................................................................................................................................................

                                        C:\Users\user\AppData\Roaming\Zoom\bin\zCCIUI.dll

                                        Download File
                                        Process:C:\Users\user\AppData\Roaming\Zoom\bin\Zoom.exe
                                        File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                        Category:dropped
                                        Size (bytes):1155896
                                        Entropy (8bit):6.274066363447882
                                        Encrypted:false
                                        SSDEEP:
                                        MD5:AE5A62DDE8798938A8DCB1F31F59B792
                                        SHA1:0996F5FB00EE42D098D83BC979B978A213F7E4B0
                                        SHA-256:CFEFB694FF7C77DE54430BE645E5677B9D5C51E71C62932E40B5A0E29F0481E7
                                        SHA-512:75D3B5721441FD472DC9E7D0351B973F0004A1D5194E15F3A68781391D60DBC6B22FE9B59034480CE83A1CFACD3CF4E6EC9295D32583409F5D4CE8E98BC4E03E
                                        Malicious:false
                                        Reputation:unknown
                                        Preview:MZ......................@................................... ...........!..L.!This program cannot be run in DOS mode....$........-6..LX.LX.LX.4..LX..9\.LX..9[.LX..9Y.LX..9].LX..$\.LX..$^.LX..$Y.LX.L9Y.LX.LY.IX.L9Q.LX.L9X.LX.L9..LX.L..LX.L9Z.LX.Rich.LX.................PE..d....wg.........." .....v................................................................`A........................................Pw..p....w.......P...........X...D..8_...`..d*......p.......................(.......8...............8&...........................text....t.......v.................. ..`.rdata..r............z..............@..@.data....J.......6..................@....pdata...X.......Z..................@..@.rsrc........P......................@..@.reloc..d*...`...,..................@..B................................................................................................................................................................................................................

                                        C:\Users\user\AppData\Roaming\Zoom\bin\zCustomizeMeetingUI.dll

                                        Download File
                                        Process:C:\Users\user\AppData\Roaming\Zoom\bin\Zoom.exe
                                        File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                        Category:dropped
                                        Size (bytes):185656
                                        Entropy (8bit):6.301995302860349
                                        Encrypted:false
                                        SSDEEP:
                                        MD5:1163B39EBF6D884363BFEA6259C58093
                                        SHA1:56C001CB00C9FBA6A386AB0DBE77F627A2651DC7
                                        SHA-256:0619B66738519A682F8AAEBFFC80401B4FCB633453F771232AA6E1FF4D769378
                                        SHA-512:F575BADF234071D8F18E4CE93A2B055E58EFA2E0850A44DAC954F68CAA631D90F4FEDE4D9C5675B7C83391EAD2B7C21FB147F7E61AF1924C147CA7A1626F8E22
                                        Malicious:false
                                        Reputation:unknown
                                        Preview:MZ......................@................................... ...........!..L.!This program cannot be run in DOS mode....$.......m].)<..)<..)<.. D".#<..{I..!<..{I..-<..{I../<..{I..4<..rT..(<..rT..'<...I...<..)<...=...I..9<...I..(<...IN.(<..)<&.(<...I..(<..Rich)<..........................PE..d.....wg.........." ......................................................................`A.........................................,......@-..|....................v..8_..............p.......................(...p...8...............`............................text...L........................... ..`.rdata.............................@..@.data...x....`.......@..............@....pdata...............N..............@..@.rsrc................b..............@..@.reloc...............h..............@..B................................................................................................................................................................................................................

                                        C:\Users\user\AppData\Roaming\Zoom\bin\zPSUI.dll

                                        Download File
                                        Process:C:\Users\user\AppData\Roaming\Zoom\bin\Zoom.exe
                                        File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                        Category:dropped
                                        Size (bytes):865080
                                        Entropy (8bit):6.167550727662699
                                        Encrypted:false
                                        SSDEEP:
                                        MD5:E63C7C960A07A705BE37A2431FA0D7B0
                                        SHA1:4D2E90EDFBA97D8F404474AB8F83E509673CD978
                                        SHA-256:7B4F1DA548BE3CCCEFAB32C18F74EF26BA9BA04F18CE0A1AB6ED7DAAD01C6A81
                                        SHA-512:EFBEF234D6F1CA12ACD296A91741AD7313D2A8FFE4A3EDB1D525ABA06482CF825DF10DECBE495B3D626924B89CA344C0F2CCBCA3250920220D95D2B5B7073853
                                        Malicious:false
                                        Reputation:unknown
                                        Preview:MZ......................@................................... ...........!..L.!This program cannot be run in DOS mode....$.......m...).vL).vL).vL ..L%.vL{.rM!.vL{.uM-.vL{.sM..vL{.wM/.vL..rM*.vL..wM?.vL..wM<.vL).wL..vL...M|.vL..vM(.vL..L(.vL)..L(.vL..tM(.vLRich).vL........................PE..d...w.wg.........." .........<......PH....................................................`A........................................`...\.......X............`..@P......8_......(=...s..p....................u..(... t..8...............8)...........................text............................... ..`.rdata...X.......Z..................@..@.data... K.......B..................@....pdata..@P...`...R...>..............@..@.rsrc...............................@..@.reloc..(=.......>..................@..B................................................................................................................................................................................................................

                                        C:\Users\user\AppData\Roaming\Zoom\bin\zoom_meeting_bridge.dll

                                        Download File
                                        Process:C:\Users\user\AppData\Roaming\Zoom\bin\Zoom.exe
                                        File Type:PE32+ executable (DLL) (console) x86-64, for MS Windows
                                        Category:dropped
                                        Size (bytes):1602360
                                        Entropy (8bit):6.193057712442336
                                        Encrypted:false
                                        SSDEEP:
                                        MD5:9A913C29A0BEAAACEF9A0763ED662E8F
                                        SHA1:4B9EA40AE4138CCB548EE4892302CBF53D04C0C7
                                        SHA-256:B3832B0B238B0BB7B48436D237B2E335A17E022D0F610BA880974FFA7FFF176F
                                        SHA-512:31E2F7B7B71A6219F8E97DA0D0DBB0D945A16149F9A23D05ACC8F2C10EB822D06EFDF8C9DFEE006FEF9F76CC732DAD3E6EF9E3F69D53DF9AA326AE1EC918AD67
                                        Malicious:false
                                        Reputation:unknown
                                        Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........$.m.E.>.E.>.E.>.=Z>.E.>.0.?.E.>.0.?.E.>.0.?.E.>.0.?.E.>.-.?.E.>.0.?.E.>.E.><E.>.0.?.E.>.0.?.E.>.06>.E.>.E^>.E.>.0.?.E.>Rich.E.>................PE..d...x.wg.........." .........<...... .....................................................`A................................................<...........h....`..$.......8_... ...R..0...p.......................(.......8............ ..(............................text...\........................... ..`.rdata....... ......................@..@.data............T..................@....pdata..$....`......................@..@.rsrc...h...........................@..@.reloc...R... ...T..................@..B................................................................................................................................................................................................................................

                                        C:\Users\user\AppData\Roaming\Zoom\data\Zoom.us.ini

                                        Download File
                                        Process:C:\Users\user\AppData\Roaming\Zoom\bin\Zoom.exe
                                        File Type:ASCII text, with very long lines (377), with CRLF line terminators
                                        Category:dropped
                                        Size (bytes):420
                                        Entropy (8bit):5.697706337447645
                                        Encrypted:false
                                        SSDEEP:
                                        MD5:4B7E05DABDDC59F992C403BE7B79B30E
                                        SHA1:FBDCF81932CAAC1E1E5F50572C6328D3350774EC
                                        SHA-256:173A7052D9FFCEE7FA7F015902F9978C3CD430407FB287D123EE0D221CB4F90A
                                        SHA-512:FCE3053598760DC01802ECCC277BEFFE5B9B903CA32D5898FA6305060E0AC74C990FF4391BE4E05F553B423F9CE812036D677BBDF26E2E49FCACACC676D740EA
                                        Malicious:false
                                        Reputation:unknown
                                        Preview:[ZoomChat]..win_osencrypt_key=ZWOSKEYAQAAANCMnd8BFdERjHoAwE/Cl+sBAAAAtn30ha3js0Opuzw5CvealgAAAAACAAAAAAAQZgAAAAEAACAAAACF5556S45QXRff9TREqRk6XwJ6wFNPzdtPr7QuVgvfOQAAAAAOgAAAAAIAACAAAADSBShej3+LNo1WuPuXYHYw5HCdJxhc5BUnJQ7MBMmgCjAAAACjwHNe/sMZx7XaTUJe36CORenUE129OQADkioRdXlsOs0FmDMszVUb78CNpk/lo8VAAAAAX5y/HaNmQq2z9VP+8E3saxIYsE9NWljY8zE7/lkUxOhPkGJ3zcmPJ6chOBCCtr6lkbEpf1i5fLNpjdzCoKH7ZQ==..com.zoom.client.langid=1033..

                                        C:\Users\user\AppData\Roaming\Zoom\data\viper.ini

                                        Download File
                                        Process:C:\Users\user\AppData\Roaming\Zoom\bin\Zoom.exe
                                        File Type:ASCII text, with CRLF line terminators
                                        Category:dropped
                                        Size (bytes):78
                                        Entropy (8bit):4.544293726902962
                                        Encrypted:false
                                        SSDEEP:
                                        MD5:C19801A3A6F448F042A518A67AFC34B5
                                        SHA1:45F2E7B20D92C71D91A6B1F4B9C20C408C177BCA
                                        SHA-256:CB353C602789B4745C87F5503E5043298B6B4B6D238143C3CD490916F8B8E2D4
                                        SHA-512:E5824273A77968DA31ED808C1AD480E6ECF839993ACC68B46C1A889AECEC7A53BFF4C2858BA8C925586C47B80BC51FEEF073B952C197A9DFD5DB482DADE4F038
                                        Malicious:false
                                        Reputation:unknown
                                        Preview:[APE]..Manufacturer=7a2053687837563150574b205a4344..Model=76347566686d327a....

                                        C:\Users\user\AppData\Roaming\Zoom\data\zoomus.enc.db-journal

                                        Download File
                                        Process:C:\Users\user\AppData\Roaming\Zoom\bin\Zoom.exe
                                        File Type:SQLite Rollback Journal
                                        Category:dropped
                                        Size (bytes):2576
                                        Entropy (8bit):7.05167117254508
                                        Encrypted:false
                                        SSDEEP:
                                        MD5:A87B8BA5A0568EBFADD694233AC8E6CD
                                        SHA1:EA8E0800C07520E314F2341483F85765419E87DB
                                        SHA-256:81C63A1F0D2D1812C434339674BE96AFB364D8D68627FF776A3C90EE5E6CB70B
                                        SHA-512:461F2CE42417A0332BD078B1C1BDD0179394E4289DAD60B518CBC30B9CB01C74C877706BCCF8FF30354389EB11D28237193B2BDB8ED49A3284953FA455F43D81
                                        Malicious:false
                                        Reputation:unknown
                                        Preview:.... .c...........[................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................ce.].`..pf.S...+.yO_.....b.c.fA...n........(es}.A.(.k.WTCfi.....r...u[..*.06..aXX.<..'=U.e............N.$._..8.e8}...sp..+....KG+.....h.k...Hm'....K...G.+....gd....i..|7..*C.M.rX.C..U.x..@.#.G.k..cx8........:..._D....$P#.4AW.tl-..r.c..*.;.d.v....:...V.!Z.q......../k.b..b.XrsW.v....|.`.....4..YV..n.'j........72.{.H.k.B.~.'!....../.../r....~.F...l.S..;...6.......:.p.P.`Z...m...... .u...7.+..?..E...R@....n...w...$. ....gQ.q\H.FpM[\...cK..oL.+.].!MA.g.."

                                        C:\Users\user\AppData\Roaming\Zoom\data\zoomus.tmp.enc.db-journal

                                        Download File
                                        Process:C:\Users\user\AppData\Roaming\Zoom\bin\Zoom.exe
                                        File Type:SQLite Rollback Journal
                                        Category:dropped
                                        Size (bytes):2576
                                        Entropy (8bit):7.054832301538316
                                        Encrypted:false
                                        SSDEEP:
                                        MD5:B9B967BAFB59F43B823DF40F6F994BA9
                                        SHA1:6EDBCF826BD2A6D2798C05E9609DA2995715BF7E
                                        SHA-256:AD342965AC716B90766819886C6401AAA017ABD729E145143B7E65D4DDD2A0F0
                                        SHA-512:9A2D027CFD6C8432A48D95831C4A38B8C336B743DBBDA9A2A98E7DBF70E7095CB4384D3ACF7C9FC552A73F8C36D9A466562C96F7599337B41E40CD9034A4C982
                                        Malicious:false
                                        Reputation:unknown
                                        Preview:.... .c.....U.,2.....................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................-.|j*...w.}..%.....I.:.C.[............`..d...#G..a.,....\.Q.........c........*.9+/.oJ{..$C.i..:.[-.lF...D. ..).W.....,z?J...1..<........:=c..\w....A#.[.....Q.M.Ua...1..........9.A.N.2...V(n...`.p..y,r.X..E4\...C.........&......Qv.|D.^.v0....p~F...........=.r.m.bv.m.W{......Q.....Cz..j..\...hQ..:QU.o.^.t..kP.?"=.0...r......]...`.S.".-%</..Ny.Db..sf..u.Q..1I..2EI...qy.....d...$....6$...b....:.$Q...*.L:."l!T...W.j...q.3=..q..OKj...P.4.DI..[.NT(.1.i

                                        C:\Users\user\AppData\Roaming\Zoom\installer.txt

                                        Download File
                                        Process:C:\Users\user\AppData\Roaming\Zoom\ZoomDownload\Installer.exe
                                        File Type:ASCII text, with very long lines (376), with CRLF line terminators
                                        Category:modified
                                        Size (bytes):18432
                                        Entropy (8bit):5.340582695935059
                                        Encrypted:false
                                        SSDEEP:
                                        MD5:5CFCE56DEB0C05880ED6F0491B9A8CAD
                                        SHA1:16F377CE2276474C25ECC0CDE9AD62A8EF9FD4DE
                                        SHA-256:3CC7C1E8FCF09631DC36AA0BD1C6AA8618CA9120BB02AFB5738B4089A8D09898
                                        SHA-512:533073EA25BF95E7CBDF9910014D525C4F74242F1A6B91228BBB4951D64C95AD6A80D7C684C8BEF9E48C4E409C0B4F6110F5549F98E878F6ED4BA5EB7A3B3336
                                        Malicious:false
                                        Reputation:unknown
                                        Preview:[8188:7180 ] [ INFO ] [18:47:14.389] C:\jenkins\workspace\Client.den\Client\Windows\release\win-common\src\installer\NoMSIInstaller\Installer.cpp(98)::[Main] start, current time: [2025/1/9-18:47:14:389], version: [6.3.5.54827]..[8188:7180 ] [ INFO ] [18:47:14.389] C:\jenkins\workspace\Client.den\Client\Windows\release\win-common\src\installer\NoMSIInstaller\Installer.cpp(103)::[Main] Command line parameter:ZInstaller --conf.mode=silent --ipc_wnd=262910..[8188:7180 ] [ INFO ] [18:47:14.404] C:\jenkins\workspace\Client.den\Client\Windows\release\win-common\src\installer\NoMSIInstaller\SaaSbeeInstaller.cpp(235)::[CSaaSbeeInstaller::Init] Created window:00000000001A03D6..[8188:7180 ] [ INFO ] [18:47:14.516] C:\jenkins\workspace\Client.den\Client\Windows\release\win-common\src\installer\NoMSIInstaller\InstallerManager.cpp(2536)::[CInstallerManager::CheckEXEVersion] Cannot find EXE products or version..[8188:7180 ] [ INFO ] [18:47:14.739] C:\jenkins\workspace\Client.den\Client\Windows\r

                                        C:\Users\user\AppData\Roaming\Zoom\tmp_bin\CmmBrowserEngine.dll

                                        Download File
                                        Process:C:\Users\user\AppData\Roaming\Zoom\ZoomDownload\Installer.exe
                                        File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                        Category:dropped
                                        Size (bytes):199480
                                        Entropy (8bit):6.18056365702722
                                        Encrypted:false
                                        SSDEEP:
                                        MD5:B9274FDA6B5C16D36C3A0DB3D104451B
                                        SHA1:1D2E60DD977F25A61C5040263EBF4C072AE23CFC
                                        SHA-256:F10BCA250D97FCEDC0EC85E0C0956115328DB8A31920D99F3CBD7C3EE897BCC3
                                        SHA-512:028B91AF8C8CA10E971B5F895C2788542E208A80C8A518AD89A2B9D0A61EADD45EBF028D751A48FDD6B516D2261FCC558DDBD45DF191FAD6D2AFC2834DA951AE
                                        Malicious:false
                                        Antivirus:
                                        • Antivirus: ReversingLabs, Detection: 0%
                                        Reputation:unknown
                                        Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$..........R.x...x...x....r..x.......x.......x.......x.......x.......x.......x..~....x...x...y..~....x..~....x..~....x...xv..x..~....x..Rich.x..................PE..d....wg.........." .........&......0|....................................................`A.........................................I......XJ..@.......p...............8_..........P...p.......................(.......8...............h............................text............................... ..`.rdata..R...........................@..@.data...x/...p...(...^..............@....pdata..............................@..@.rsrc...p...........................@..@.reloc..............................@..B........................................................................................................................................................................................................................

                                        C:\Users\user\AppData\Roaming\Zoom\tmp_bin\Cmmlib.dll

                                        Download File
                                        Process:C:\Users\user\AppData\Roaming\Zoom\ZoomDownload\Installer.exe
                                        File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                        Category:dropped
                                        Size (bytes):2669368
                                        Entropy (8bit):6.547933840847185
                                        Encrypted:false
                                        SSDEEP:
                                        MD5:0C00CAF236CF24413E83A06F5AAFA586
                                        SHA1:1AF94F78246BFB6F2750A872145795E994CD56A8
                                        SHA-256:7C773FA419658BCF35C41A0F35FBFC4908861012AA2F2261B6EBE566B7B1DA6E
                                        SHA-512:F6535DB3A7B5CD0662D4793888D84066E01DCCCCDC57825D2742E8A53BB2D84CE6251C5170AA05FD89362B7665D4C7207F4E589CF8494EEE9A0DBD422F6ECF23
                                        Malicious:false
                                        Antivirus:
                                        • Antivirus: ReversingLabs, Detection: 0%
                                        Reputation:unknown
                                        Preview:MZ......................@...................................0...........!..L.!This program cannot be run in DOS mode....$.............~...~...~.....~...z...~...}...~...{...~.......~.......~...z...~...x...~.......~...{...~.......~.......~.......~...w...~...~...~.......~......~...|...~.Rich..~.........PE..d.....wg.........." ................p.........................................(......8)...`A.........................................4..LT....%......@(.h....0'......\(.8_...P(.HS..`...p.......................(......8............................................text...l........................... ..`.rdata..............................@..@.data...@E....%..4....%.............@....pdata.......0'.......&.............@..@.rsrc...h....@(.......(.............@..@.reloc..HS...P(..T....(.............@..B................................................................................................................................................................................................

                                        C:\Users\user\AppData\Roaming\Zoom\tmp_bin\CptHost.exe (copy)

                                        Download File
                                        Process:C:\Users\user\AppData\Roaming\Zoom\ZoomDownload\Installer.exe
                                        File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                        Category:dropped
                                        Size (bytes):0
                                        Entropy (8bit):0.0
                                        Encrypted:false
                                        SSDEEP:
                                        MD5:F2BE2DFB56D07E2600250FAE646FB4B9
                                        SHA1:8EEB621C33515984384938116285FF85C6CA0600
                                        SHA-256:D20C2FF1750C29D0A72B297033518DA70B5C41D805B34FE9EDCCB64027935782
                                        SHA-512:74975A31A4BFEFD613A7F6AFFFF3C9DE20C125C09AC5F835C0E9FFD07B6A9B10A570E15D17EAD876725DA7641B40C726E38CB4729DF28A486414C642C6F3FF2E
                                        Malicious:false
                                        Antivirus:
                                        • Antivirus: ReversingLabs, Detection: 0%
                                        Reputation:unknown
                                        Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......B..L...........5....T......T......T......T......]......].........B...............Y......1..........Rich...........PE..d....wg.........." .....:...<......p?....................................................`A.........................................g.......h..........p............r..8_......$... X..p............................X..8............P...............................text....9.......:.................. ..`.rdata... ...P..."...>..............@..@.data...`............`..............@....pdata...............b..............@..@.rsrc...p............h..............@..@.reloc..$............p..............@..B........................................................................................................................................................................................................................................

                                        C:\Users\user\AppData\Roaming\Zoom\tmp_bin\api-ms-win-core-console-l1-1-0.dll

                                        Download File
                                        Process:C:\Users\user\AppData\Roaming\Zoom\ZoomDownload\Installer.exe
                                        File Type:PE32+ executable (DLL) (console) x86-64, for MS Windows
                                        Category:dropped
                                        Size (bytes):12224
                                        Entropy (8bit):6.596101286914553
                                        Encrypted:false
                                        SSDEEP:
                                        MD5:919E653868A3D9F0C9865941573025DF
                                        SHA1:EFF2D4FF97E2B8D7ED0E456CB53B74199118A2E2
                                        SHA-256:2AFBFA1D77969D0F4CEE4547870355498D5C1DA81D241E09556D0BD1D6230F8C
                                        SHA-512:6AEC9D7767EB82EBC893EBD97D499DEBFF8DA130817B6BB4BCB5EB5DE1B074898F87DB4F6C48B50052D4F8A027B3A707CAD9D7ED5837A6DD9B53642B8A168932
                                        Malicious:false
                                        Reputation:unknown
                                        Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........&...Ge..Ge..Ge../e..Ge../a..Ge../...Ge../g..Ge.Rich.Ge.........................PE..d...Y.=i.........." .........................................................0......a.....`.........................................`...,............ ...................!..............T............................................................................rdata..P...........................@..@.rsrc........ ......................@..@................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                        C:\Users\user\AppData\Roaming\Zoom\tmp_bin\api-ms-win-core-console-l1-2-0.dll

                                        Download File
                                        Process:C:\Users\user\AppData\Roaming\Zoom\ZoomDownload\Installer.exe
                                        File Type:PE32+ executable (DLL) (console) x86-64, for MS Windows
                                        Category:dropped
                                        Size (bytes):12224
                                        Entropy (8bit):6.640081558424349
                                        Encrypted:false
                                        SSDEEP:
                                        MD5:7676560D0E9BC1EE9502D2F920D2892F
                                        SHA1:4A7A7A99900E41FF8A359CA85949ACD828DDB068
                                        SHA-256:00942431C2D3193061C7F4DC340E8446BFDBF792A7489F60349299DFF689C2F9
                                        SHA-512:F1E8DB9AD44CD1AA991B9ED0E000C58978EB60B3B7D9908B6EB78E8146E9E12590B0014FC4A97BC490FFE378C0BF59A6E02109BFD8A01C3B6D0D653A5B612D15
                                        Malicious:false
                                        Reputation:unknown
                                        Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........&...Ge..Ge..Ge../e..Ge../a..Ge../...Ge../g..Ge.Rich.Ge.........................PE..d....y1..........." .........................................................0...........`.........................................`................ ...................!..............T............................................................................rdata..............................@..@.rsrc........ ......................@..@................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                        C:\Users\user\AppData\Roaming\Zoom\tmp_bin\api-ms-win-core-datetime-l1-1-0.dll

                                        Download File
                                        Process:C:\Users\user\AppData\Roaming\Zoom\ZoomDownload\Installer.exe
                                        File Type:PE32+ executable (DLL) (console) x86-64, for MS Windows
                                        Category:dropped
                                        Size (bytes):11712
                                        Entropy (8bit):6.6023398138369505
                                        Encrypted:false
                                        SSDEEP:
                                        MD5:AC51E3459E8FCE2A646A6AD4A2E220B9
                                        SHA1:60CF810B7AD8F460D0B8783CE5E5BBCD61C82F1A
                                        SHA-256:77577F35D3A61217EA70F21398E178F8749455689DB52A2B35A85F9B54C79638
                                        SHA-512:6239240D4F4FA64FC771370FB25A16269F91A59A81A99A6A021B8F57CA93D6BB3B3FCECC8DEDE0EF7914652A2C85D84D774F13A4143536A3F986487A776A2EAE
                                        Malicious:false
                                        Reputation:unknown
                                        Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........&...Ge..Ge..Ge../e..Ge../a..Ge../...Ge../g..Ge.Rich.Ge.........................PE..d.....Ab.........." .........................................................0......d.....`.........................................`................ ...................!..............T............................................................................rdata..4...........................@..@.rsrc........ ......................@..@................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                        C:\Users\user\AppData\Roaming\Zoom\tmp_bin\api-ms-win-core-debug-l1-1-0.dll

                                        Download File
                                        Process:C:\Users\user\AppData\Roaming\Zoom\ZoomDownload\Installer.exe
                                        File Type:PE32+ executable (DLL) (console) x86-64, for MS Windows
                                        Category:dropped
                                        Size (bytes):11720
                                        Entropy (8bit):6.614262942006268
                                        Encrypted:false
                                        SSDEEP:
                                        MD5:B0E0678DDC403EFFC7CDC69AE6D641FB
                                        SHA1:C1A4CE4DED47740D3518CD1FF9E9CE277D959335
                                        SHA-256:45E48320ABE6E3C6079F3F6B84636920A367989A88F9BA6847F88C210D972CF1
                                        SHA-512:2BADF761A0614D09A60D0ABB6289EBCBFA3BF69425640EB8494571AFD569C8695AE20130AAC0E1025E8739D76A9BFF2EFC9B4358B49EFE162B2773BE9C3E2AD4
                                        Malicious:false
                                        Reputation:unknown
                                        Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........&...Ge..Ge..Ge../e..Ge../a..Ge../...Ge../g..Ge.Rich.Ge.........................PE..d................." .........................................................0............`.........................................`................ ...................!..............T............................................................................rdata..@...........................@..@.rsrc........ ......................@..@................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                        C:\Users\user\AppData\Roaming\Zoom\tmp_bin\api-ms-win-core-errorhandling-l1-1-0.dll

                                        Download File
                                        Process:C:\Users\user\AppData\Roaming\Zoom\ZoomDownload\Installer.exe
                                        File Type:PE32+ executable (DLL) (console) x86-64, for MS Windows
                                        Category:dropped
                                        Size (bytes):11720
                                        Entropy (8bit):6.654155040985372
                                        Encrypted:false
                                        SSDEEP:
                                        MD5:94788729C9E7B9C888F4E323A27AB548
                                        SHA1:B0BA0C4CF1D8B2B94532AA1880310F28E87756EC
                                        SHA-256:ACCDD7455FB6D02FE298B987AD412E00D0B8E6F5FB10B52826367E7358AE1187
                                        SHA-512:AB65495B1D0DD261F2669E04DC18A8DA8F837B9AC622FC69FDE271FF5E6AA958B1544EDD8988F017D3DD83454756812C927A7702B1ED71247E506530A11F21C6
                                        Malicious:false
                                        Reputation:unknown
                                        Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........&...Ge..Ge..Ge../e..Ge../a..Ge../...Ge../g..Ge.Rich.Ge.........................PE..d....:.[.........." .........................................................0......~.....`.........................................`................ ...................!..............T............................................................................rdata..............................@..@.rsrc........ ......................@..@................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                        C:\Users\user\AppData\Roaming\Zoom\tmp_bin\api-ms-win-core-file-l1-1-0.dll

                                        Download File
                                        Process:C:\Users\user\AppData\Roaming\Zoom\ZoomDownload\Installer.exe
                                        File Type:PE32+ executable (DLL) (console) x86-64, for MS Windows
                                        Category:dropped
                                        Size (bytes):15304
                                        Entropy (8bit):6.548897063441128
                                        Encrypted:false
                                        SSDEEP:
                                        MD5:580D9EA2308FC2D2D2054A79EA63227C
                                        SHA1:04B3F21CBBA6D59A61CD839AE3192EA111856F65
                                        SHA-256:7CB0396229C3DA434482A5EF929D3A2C392791712242C9693F06BAA78948EF66
                                        SHA-512:97C1D3F4F9ADD03F21C6B3517E1D88D1BF9A8733D7BDCA1AECBA9E238D58FF35780C4D865461CC7CD29E9480B3B3B60864ABB664DCDC6F691383D0B281C33369
                                        Malicious:false
                                        Reputation:unknown
                                        Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........&...Ge..Ge..Ge../e..Ge../a..Ge../...Ge../g..Ge.Rich.Ge.........................PE..d................." .........................................................@............`.........................................`................0...................!..............T............................................................................rdata..(...........................@..@.rsrc........0......................@..@................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                        C:\Users\user\AppData\Roaming\Zoom\tmp_bin\api-ms-win-core-file-l1-2-0.dll

                                        Download File
                                        Process:C:\Users\user\AppData\Roaming\Zoom\ZoomDownload\Installer.exe
                                        File Type:PE32+ executable (DLL) (console) x86-64, for MS Windows
                                        Category:dropped
                                        Size (bytes):11712
                                        Entropy (8bit):6.622041192039296
                                        Encrypted:false
                                        SSDEEP:
                                        MD5:35BC1F1C6FBCCEC7EB8819178EF67664
                                        SHA1:BBCAD0148FF008E984A75937AADDF1EF6FDA5E0C
                                        SHA-256:7A3C5167731238CF262F749AA46AB3BFB2AE1B22191B76E28E1D7499D28C24B7
                                        SHA-512:9AB9B5B12215E57AF5B3C588ED5003D978071DC591ED18C78C4563381A132EDB7B2C508A8B75B4F1ED8823118D23C88EDA453CD4B42B9020463416F8F6832A3D
                                        Malicious:false
                                        Reputation:unknown
                                        Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........&...Ge..Ge..Ge../e..Ge../a..Ge../...Ge../g..Ge.Rich.Ge.........................PE..d................." .........................................................0......./....`.........................................`...L............ ...................!..............T............................................................................rdata..l...........................@..@.rsrc........ ......................@..@................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                        C:\Users\user\AppData\Roaming\Zoom\tmp_bin\api-ms-win-core-file-l2-1-0.dll

                                        Download File
                                        Process:C:\Users\user\AppData\Roaming\Zoom\ZoomDownload\Installer.exe
                                        File Type:PE32+ executable (DLL) (console) x86-64, for MS Windows
                                        Category:dropped
                                        Size (bytes):11720
                                        Entropy (8bit):6.730719514840594
                                        Encrypted:false
                                        SSDEEP:
                                        MD5:3BF4406DE02AA148F460E5D709F4F67D
                                        SHA1:89B28107C39BB216DA00507FFD8ADB7838D883F6
                                        SHA-256:349A79FA1572E3538DFBB942610D8C47D03E8A41B98897BC02EC7E897D05237E
                                        SHA-512:5FF6E8AD602D9E31AC88E06A6FBB54303C57D011C388F46D957AEE8CD3B7D7CCED8B6BFA821FF347ADE62F7359ACB1FBA9EE181527F349C03D295BDB74EFBACE
                                        Malicious:false
                                        Reputation:unknown
                                        Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........&...Ge..Ge..Ge../e..Ge../a..Ge../...Ge../g..Ge.Rich.Ge.........................PE..d................" .........................................................0............`.........................................`................ ...................!..............T............................................................................rdata..............................@..@.rsrc........ ......................@..@................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                        C:\Users\user\AppData\Roaming\Zoom\tmp_bin\api-ms-win-core-handle-l1-1-0.dll

                                        Download File
                                        Process:C:\Users\user\AppData\Roaming\Zoom\ZoomDownload\Installer.exe
                                        File Type:PE32+ executable (DLL) (console) x86-64, for MS Windows
                                        Category:dropped
                                        Size (bytes):11720
                                        Entropy (8bit):6.626458901834476
                                        Encrypted:false
                                        SSDEEP:
                                        MD5:BBAFA10627AF6DFAE5ED6E4AEAE57B2A
                                        SHA1:3094832B393416F212DB9107ADD80A6E93A37947
                                        SHA-256:C78A1217F8DCB157D1A66B80348DA48EBDBBEDCEA1D487FC393191C05AAD476D
                                        SHA-512:D5FCBA2314FFE7FF6E8B350D65A2CDD99CA95EA36B71B861733BC1ED6B6BB4D85D4B1C4C4DE2769FBF90D4100B343C250347D9ED1425F4A6C3FE6A20AED01F17
                                        Malicious:false
                                        Reputation:unknown
                                        Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........&...Ge..Ge..Ge../e..Ge../a..Ge../...Ge../g..Ge.Rich.Ge.........................PE..d...>G.j.........." .........................................................0............`.........................................`...`............ ...................!..............T............................................................................rdata..............................@..@.rsrc........ ......................@..@................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                        C:\Users\user\AppData\Roaming\Zoom\tmp_bin\api-ms-win-core-heap-l1-1-0.dll

                                        Download File
                                        Process:C:\Users\user\AppData\Roaming\Zoom\ZoomDownload\Installer.exe
                                        File Type:PE32+ executable (DLL) (console) x86-64, for MS Windows
                                        Category:dropped
                                        Size (bytes):12232
                                        Entropy (8bit):6.577869728469469
                                        Encrypted:false
                                        SSDEEP:
                                        MD5:3A4B6B36470BAD66621542F6D0D153AB
                                        SHA1:5005454BA8E13BAC64189C7A8416ECC1E3834DC6
                                        SHA-256:2E981EE04F35C0E0B7C58282B70DCC9FC0318F20F900607DAE7A0D40B36E80AF
                                        SHA-512:84B00167ABE67F6B58341045012723EF4839C1DFC0D8F7242370C4AD9FABBE4FEEFE73F9C6F7953EAE30422E0E743DC62503A0E8F7449E11C5820F2DFCA89294
                                        Malicious:false
                                        Reputation:unknown
                                        Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........&...Ge..Ge..Ge../e..Ge../a..Ge../...Ge../g..Ge.Rich.Ge.........................PE..d................" .........................................................0......M.....`.........................................`................ ...................!..............T............................................................................rdata..(...........................@..@.rsrc........ ......................@..@................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                        C:\Users\user\AppData\Roaming\Zoom\tmp_bin\api-ms-win-core-interlocked-l1-1-0.dll

                                        Download File
                                        Process:C:\Users\user\AppData\Roaming\Zoom\ZoomDownload\Installer.exe
                                        File Type:PE32+ executable (DLL) (console) x86-64, for MS Windows
                                        Category:dropped
                                        Size (bytes):11712
                                        Entropy (8bit):6.6496318655699795
                                        Encrypted:false
                                        SSDEEP:
                                        MD5:A038716D7BBD490378B26642C0C18E94
                                        SHA1:29CD67219B65339B637A1716A78221915CEB4370
                                        SHA-256:B02324C49DD039FA889B4647331AA9AC65E5ADC0CC06B26F9F086E2654FF9F08
                                        SHA-512:43CB12D715DDA4DCDB131D99127417A71A16E4491BC2D5723F63A1C6DFABE578553BC9DC8CF8EFFAE4A6BE3E65422EC82079396E9A4D766BF91681BDBD7837B1
                                        Malicious:false
                                        Reputation:unknown
                                        Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........&...Ge..Ge..Ge../e..Ge../a..Ge../...Ge../g..Ge.Rich.Ge.........................PE..d...*............." .........................................................0......-.....`.........................................`................ ...................!..............T............................................................................rdata..............................@..@.rsrc........ ......................@..@................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                        C:\Users\user\AppData\Roaming\Zoom\tmp_bin\api-ms-win-core-libraryloader-l1-1-0.dll

                                        Download File
                                        Process:C:\Users\user\AppData\Roaming\Zoom\ZoomDownload\Installer.exe
                                        File Type:PE32+ executable (DLL) (console) x86-64, for MS Windows
                                        Category:dropped
                                        Size (bytes):12736
                                        Entropy (8bit):6.587452239016064
                                        Encrypted:false
                                        SSDEEP:
                                        MD5:D75144FCB3897425A855A270331E38C9
                                        SHA1:132C9ADE61D574AA318E835EB78C4CCCDDEFDEA2
                                        SHA-256:08484ED55E43584068C337281E2C577CF984BB504871B3156DE11C7CC1EEC38F
                                        SHA-512:295A6699529D6B173F686C9BBB412F38D646C66AAB329EAC4C36713FDD32A3728B9C929F9DCADDE562F625FB80BC79026A52772141AD2080A0C9797305ADFF2E
                                        Malicious:false
                                        Reputation:unknown
                                        Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........&...Ge..Ge..Ge../e..Ge../a..Ge../...Ge../g..Ge.Rich.Ge.........................PE..d......c.........." .........................................................0......V`....`.........................................`................ ...................!..............T............................................................................rdata..<...........................@..@.rsrc........ ......................@..@................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                        C:\Users\user\AppData\Roaming\Zoom\tmp_bin\api-ms-win-core-louserzation-l1-2-0.dll

                                        Download File
                                        Process:C:\Users\user\AppData\Roaming\Zoom\ZoomDownload\Installer.exe
                                        File Type:PE32+ executable (DLL) (console) x86-64, for MS Windows
                                        Category:dropped
                                        Size (bytes):14280
                                        Entropy (8bit):6.658205945107734
                                        Encrypted:false
                                        SSDEEP:
                                        MD5:8ACB83D102DABD9A5017A94239A2B0C6
                                        SHA1:9B43A40A7B498E02F96107E1524FE2F4112D36AE
                                        SHA-256:059CB23FDCF4D80B92E3DA29E9EF4C322EDF6FBA9A1837978FD983E9BDFC7413
                                        SHA-512:B7ECF60E20098EA509B76B1CC308A954A6EDE8D836BF709790CE7D4BD1B85B84CF5F3AEDF55AF225D2D21FBD3065D01AA201DAE6C131B8E1E3AA80ED6FC910A4
                                        Malicious:false
                                        Reputation:unknown
                                        Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........&...Ge..Ge..Ge../e..Ge../a..Ge../...Ge../g..Ge.Rich.Ge.........................PE..d................" .........................................................0......._....`.........................................`................ ...................!..............T............................................................................rdata..............................@..@.rsrc........ ......................@..@................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                        C:\Users\user\AppData\Roaming\Zoom\tmp_bin\api-ms-win-core-memory-l1-1-0.dll

                                        Download File
                                        Process:C:\Users\user\AppData\Roaming\Zoom\ZoomDownload\Installer.exe
                                        File Type:PE32+ executable (DLL) (console) x86-64, for MS Windows
                                        Category:dropped
                                        Size (bytes):12224
                                        Entropy (8bit):6.621310788423453
                                        Encrypted:false
                                        SSDEEP:
                                        MD5:808F1CB8F155E871A33D85510A360E9E
                                        SHA1:C6251ABFF887789F1F4FC6B9D85705788379D149
                                        SHA-256:DADBD2204B015E81F94C537AC7A36CD39F82D7C366C193062210C7288BAA19E3
                                        SHA-512:441F36CA196E1C773FADF17A0F64C2BBDC6AF22B8756A4A576E6B8469B4267E942571A0AE81F4B2230B8DE55702F2E1260E8D0AFD5447F2EA52F467F4CAA9BC6
                                        Malicious:false
                                        Reputation:unknown
                                        Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........&...Ge..Ge..Ge../e..Ge../a..Ge../...Ge../g..Ge.Rich.Ge.........................PE..d...f092.........." .........................................................0............`.........................................`...l............ ...................!..............T............................................................................rdata..............................@..@.rsrc........ ......................@..@................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                        C:\Users\user\AppData\Roaming\Zoom\tmp_bin\api-ms-win-core-namedpipe-l1-1-0.dll

                                        Download File
                                        Process:C:\Users\user\AppData\Roaming\Zoom\ZoomDownload\Installer.exe
                                        File Type:PE32+ executable (DLL) (console) x86-64, for MS Windows
                                        Category:dropped
                                        Size (bytes):11720
                                        Entropy (8bit):6.7263193693903345
                                        Encrypted:false
                                        SSDEEP:
                                        MD5:CFF476BB11CC50C41D8D3BF5183D07EC
                                        SHA1:71E0036364FD49E3E535093E665F15E05A3BDE8F
                                        SHA-256:B57E70798AF248F91C8C46A3F3B2952EFFAE92CA8EF9640C952467BC6726F363
                                        SHA-512:7A87E4EE08169E9390D0DFE607E9A220DC7963F9B4C2CDC2F8C33D706E90DC405FBEE00DDC4943794FB502D9882B21FAAE3486BC66B97348121AE665AE58B01C
                                        Malicious:false
                                        Reputation:unknown
                                        Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........&...Ge..Ge..Ge../e..Ge../a..Ge../...Ge../g..Ge.Rich.Ge.........................PE..d.....%..........." .........................................................0......[.....`.........................................`................ ...................!..............T............................................................................rdata..............................@..@.rsrc........ ......................@..@................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                        C:\Users\user\AppData\Roaming\Zoom\tmp_bin\api-ms-win-core-processenvironment-l1-1-0.dll

                                        Download File
                                        Process:C:\Users\user\AppData\Roaming\Zoom\ZoomDownload\Installer.exe
                                        File Type:PE32+ executable (DLL) (console) x86-64, for MS Windows
                                        Category:dropped
                                        Size (bytes):12744
                                        Entropy (8bit):6.601327134572443
                                        Encrypted:false
                                        SSDEEP:
                                        MD5:F43286B695326FC0C20704F0EEBFDEA6
                                        SHA1:3E0189D2A1968D7F54E721B1C8949487EF11B871
                                        SHA-256:AA415DB99828F30A396CBD4E53C94096DB89756C88A19D8564F0EED0674ADD43
                                        SHA-512:6EAD35348477A08F48A9DEB94D26DA5F4E4683E36F0A46117B078311235C8B9B40C17259C2671A90D1A210F73BF94C9C063404280AC5DD5C7F9971470BEAF8B7
                                        Malicious:false
                                        Reputation:unknown
                                        Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........&...Ge..Ge..Ge../e..Ge../a..Ge../...Ge../g..Ge.Rich.Ge.........................PE..d................" .........................................................0.......Z....`.........................................`...H............ ...................!..............T............................................................................rdata..x...........................@..@.rsrc........ ......................@..@................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                        C:\Users\user\AppData\Roaming\Zoom\tmp_bin\api-ms-win-core-processthreads-l1-1-0.dll

                                        Download File
                                        Process:C:\Users\user\AppData\Roaming\Zoom\ZoomDownload\Installer.exe
                                        File Type:PE32+ executable (DLL) (console) x86-64, for MS Windows
                                        Category:dropped
                                        Size (bytes):14272
                                        Entropy (8bit):6.519411559704781
                                        Encrypted:false
                                        SSDEEP:
                                        MD5:E173F3AB46096482C4361378F6DCB261
                                        SHA1:7922932D87D3E32CE708F071C02FB86D33562530
                                        SHA-256:C9A686030E073975009F993485D362CC31C7F79B683DEF713E667D13E9605A14
                                        SHA-512:3AAFEFD8A9D7B0C869D0C49E0C23086115FD550B7DC5C75A5B8A8620AD37F36A4C24D2BF269043D81A7448C351FF56CB518EC4E151960D4F6BD655C38AFF547F
                                        Malicious:false
                                        Reputation:unknown
                                        Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........&...Ge..Ge..Ge../e..Ge../a..Ge../...Ge../g..Ge.Rich.Ge.........................PE..d...j............." .........................................................0......%C....`.........................................`................ ...................!..............T............................................................................rdata..............................@..@.rsrc........ ......................@..@................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                        C:\Users\user\AppData\Roaming\Zoom\tmp_bin\api-ms-win-core-processthreads-l1-1-1.dll

                                        Download File
                                        Process:C:\Users\user\AppData\Roaming\Zoom\ZoomDownload\Installer.exe
                                        File Type:PE32+ executable (DLL) (console) x86-64, for MS Windows
                                        Category:dropped
                                        Size (bytes):12232
                                        Entropy (8bit):6.659079053710614
                                        Encrypted:false
                                        SSDEEP:
                                        MD5:9C9B50B204FCB84265810EF1F3C5D70A
                                        SHA1:0913AB720BD692ABCDB18A2609DF6A7F85D96DB3
                                        SHA-256:25A99BDF8BF4D16077DC30DD9FFEF7BB5A2CEAF9AFCEE7CF52AD408355239D40
                                        SHA-512:EA2D22234E587AD9FA255D9F57907CC14327EAD917FDEDE8B0A38516E7C7A08C4172349C8A7479EC55D1976A37E520628006F5C362F6A3EC76EC87978C4469CD
                                        Malicious:false
                                        Reputation:unknown
                                        Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........&...Ge..Ge..Ge../e..Ge../a..Ge../...Ge../g..Ge.Rich.Ge.........................PE..d................" .........................................................0......6y....`.........................................`................ ...................!..............T............................................................................rdata..............................@..@.rsrc........ ......................@..@................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                        C:\Users\user\AppData\Roaming\Zoom\tmp_bin\api-ms-win-core-profile-l1-1-0.dll

                                        Download File
                                        Process:C:\Users\user\AppData\Roaming\Zoom\ZoomDownload\Installer.exe
                                        File Type:PE32+ executable (DLL) (console) x86-64, for MS Windows
                                        Category:dropped
                                        Size (bytes):11200
                                        Entropy (8bit):6.7627840671368835
                                        Encrypted:false
                                        SSDEEP:
                                        MD5:0233F97324AAAA048F705D999244BC71
                                        SHA1:5427D57D0354A103D4BB8B655C31E3189192FC6A
                                        SHA-256:42F4E84073CF876BBAB9DD42FD87124A4BA10BB0B59D2C3031CB2B2DA7140594
                                        SHA-512:8339F3C0D824204B541AECBD5AD0D72B35EAF6717C3F547E0FD945656BCB2D52E9BD645E14893B3F599ED8F2DE6D3BCBEBF3B23ED43203599AF7AFA5A4000311
                                        Malicious:false
                                        Reputation:unknown
                                        Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........&...Ge..Ge..Ge../e..Ge../a..Ge../...Ge../g..Ge.Rich.Ge.........................PE..d....f............" .........................................................0.......>....`.........................................`................ ...................!..............T............................................................................rdata..............................@..@.rsrc........ ......................@..@................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                        C:\Users\user\AppData\Roaming\Zoom\tmp_bin\api-ms-win-core-rtlsupport-l1-1-0.dll

                                        Download File
                                        Process:C:\Users\user\AppData\Roaming\Zoom\ZoomDownload\Installer.exe
                                        File Type:PE32+ executable (DLL) (console) x86-64, for MS Windows
                                        Category:dropped
                                        Size (bytes):12224
                                        Entropy (8bit):6.590253878523919
                                        Encrypted:false
                                        SSDEEP:
                                        MD5:E1BA66696901CF9B456559861F92786E
                                        SHA1:D28266C7EDE971DC875360EB1F5EA8571693603E
                                        SHA-256:02D987EBA4A65509A2DF8ED5DD0B1A0578966E624FCF5806614ECE88A817499F
                                        SHA-512:08638A0DD0FB6125F4AB56E35D707655F48AE1AA609004329A0E25C13D2E71CB3EDB319726F10B8F6D70A99F1E0848B229A37A9AB5427BFEE69CD890EDFB89D2
                                        Malicious:false
                                        Reputation:unknown
                                        Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........&...Ge..Ge..Ge../e..Ge../a..Ge../...Ge../g..Ge.Rich.Ge.........................PE..d...._............" .........................................................0.......S....`.........................................`................ ...................!..............T............................................................................rdata..<...........................@..@.rsrc........ ......................@..@................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                        C:\Users\user\AppData\Roaming\Zoom\tmp_bin\api-ms-win-core-string-l1-1-0.dll

                                        Download File
                                        Process:C:\Users\user\AppData\Roaming\Zoom\ZoomDownload\Installer.exe
                                        File Type:PE32+ executable (DLL) (console) x86-64, for MS Windows
                                        Category:dropped
                                        Size (bytes):11720
                                        Entropy (8bit):6.672720452347989
                                        Encrypted:false
                                        SSDEEP:
                                        MD5:7A15B909B6B11A3BE6458604B2FF6F5E
                                        SHA1:0FEB824D22B6BEEB97BCE58225688CB84AC809C7
                                        SHA-256:9447218CC4AB1A2C012629AAAE8D1C8A428A99184B011BCC766792AF5891E234
                                        SHA-512:D01DD566FF906AAD2379A46516E6D060855558C3027CE3B991056244A8EDD09CE29EACEC5EE70CEEA326DED7FC2683AE04C87F0E189EBA0E1D38C06685B743C9
                                        Malicious:false
                                        Reputation:unknown
                                        Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........&...Ge..Ge..Ge../e..Ge../a..Ge../...Ge../g..Ge.Rich.Ge.........................PE..d.....<.........." .........................................................0.......g....`.........................................`................ ...................!..............T............................................................................rdata..............................@..@.rsrc........ ......................@..@................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                        C:\Users\user\AppData\Roaming\Zoom\tmp_bin\api-ms-win-core-synch-l1-1-0.dll

                                        Download File
                                        Process:C:\Users\user\AppData\Roaming\Zoom\ZoomDownload\Installer.exe
                                        File Type:PE32+ executable (DLL) (console) x86-64, for MS Windows
                                        Category:dropped
                                        Size (bytes):13760
                                        Entropy (8bit):6.575688560984027
                                        Encrypted:false
                                        SSDEEP:
                                        MD5:6C3FCD71A6A1A39EAB3E5C2FD72172CD
                                        SHA1:15B55097E54028D1466E46FEBCA1DBB8DBEFEA4F
                                        SHA-256:A31A15BED26232A178BA7ECB8C8AA9487C3287BB7909952FC06ED0D2C795DB26
                                        SHA-512:EF1C14965E5974754CC6A9B94A4FA5107E89966CB2E584CE71BBBDD2D9DC0C0536CCC9D488C06FA828D3627206E7D9CC8065C45C6FB0C9121962CCBECB063D4F
                                        Malicious:false
                                        Reputation:unknown
                                        Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........&...Ge..Ge..Ge../e..Ge../a..Ge../...Ge../g..Ge.Rich.Ge.........................PE..d......c.........." .........................................................0............`.........................................`...X............ ...................!..............T............................................................................rdata..|...........................@..@.rsrc........ ......................@..@................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                        C:\Users\user\AppData\Roaming\Zoom\tmp_bin\api-ms-win-core-synch-l1-2-0.dll

                                        Download File
                                        Process:C:\Users\user\AppData\Roaming\Zoom\ZoomDownload\Installer.exe
                                        File Type:PE32+ executable (DLL) (console) x86-64, for MS Windows
                                        Category:dropped
                                        Size (bytes):12232
                                        Entropy (8bit):6.70261983917014
                                        Encrypted:false
                                        SSDEEP:
                                        MD5:D175430EFF058838CEE2E334951F6C9C
                                        SHA1:7F17FBDCEF12042D215828C1D6675E483A4C62B1
                                        SHA-256:1C72AC404781A9986D8EDEB0EE5DD39D2C27CE505683CA3324C0ECCD6193610A
                                        SHA-512:6076086082E3E824309BA2C178E95570A34ECE6F2339BE500B8B0A51F0F316B39A4C8D70898C4D50F89F3F43D65C5EBBEC3094A47D91677399802F327287D43B
                                        Malicious:false
                                        Reputation:unknown
                                        Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........&...Ge..Ge..Ge../e..Ge../a..Ge../...Ge../g..Ge.Rich.Ge.........................PE..d................." .........................................................0......G.....`.........................................`...x............ ...................!..............T............................................................................rdata..............................@..@.rsrc........ ......................@..@................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                        C:\Users\user\AppData\Roaming\Zoom\tmp_bin\api-ms-win-core-sysinfo-l1-1-0.dll

                                        Download File
                                        Process:C:\Users\user\AppData\Roaming\Zoom\ZoomDownload\Installer.exe
                                        File Type:PE32+ executable (DLL) (console) x86-64, for MS Windows
                                        Category:dropped
                                        Size (bytes):12744
                                        Entropy (8bit):6.599515320379107
                                        Encrypted:false
                                        SSDEEP:
                                        MD5:9D43B5E3C7C529425EDF1183511C29E4
                                        SHA1:07CE4B878C25B2D9D1C48C462F1623AE3821FCEF
                                        SHA-256:19C78EF5BA470C5B295DDDEE9244CBD07D0368C5743B02A16D375BFB494D3328
                                        SHA-512:C8A1C581C3E465EFBC3FF06F4636A749B99358CA899E362EA04B3706EAD021C69AE9EA0EFC1115EAE6BBD9CF6723E22518E9BEC21F27DDAAFA3CF18B3A0034A7
                                        Malicious:false
                                        Reputation:unknown
                                        Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........&...Ge..Ge..Ge../e..Ge../a..Ge../...Ge../g..Ge.Rich.Ge.........................PE..d...r............" .........................................................0............`.........................................`...H............ ...................!..............T............................................................................rdata..l...........................@..@.rsrc........ ......................@..@................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                        C:\Users\user\AppData\Roaming\Zoom\tmp_bin\api-ms-win-core-timezone-l1-1-0.dll

                                        Download File
                                        Process:C:\Users\user\AppData\Roaming\Zoom\ZoomDownload\Installer.exe
                                        File Type:PE32+ executable (DLL) (console) x86-64, for MS Windows
                                        Category:dropped
                                        Size (bytes):12232
                                        Entropy (8bit):6.690164913578267
                                        Encrypted:false
                                        SSDEEP:
                                        MD5:43E1AE2E432EB99AA4427BB68F8826BB
                                        SHA1:EEE1747B3ADE5A9B985467512215CAF7E0D4CB9B
                                        SHA-256:3D798B9C345A507E142E8DACD7FB6C17528CC1453ABFEF2FFA9710D2FA9E032C
                                        SHA-512:40EC0482F668BDE71AEB4520A0709D3E84F093062BFBD05285E2CC09B19B7492CB96CDD6056281C213AB0560F87BD485EE4D2AEEFA0B285D2D005634C1F3AF0B
                                        Malicious:false
                                        Reputation:unknown
                                        Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........&...Ge..Ge..Ge../e..Ge../a..Ge../...Ge../g..Ge.Rich.Ge.........................PE..d....Y$..........." .........................................................0.......d....`.........................................`...H............ ...................!..............T............................................................................rdata..l...........................@..@.rsrc........ ......................@..@................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                        C:\Users\user\AppData\Roaming\Zoom\tmp_bin\api-ms-win-core-util-l1-1-0.dll

                                        Download File
                                        Process:C:\Users\user\AppData\Roaming\Zoom\ZoomDownload\Installer.exe
                                        File Type:PE32+ executable (DLL) (console) x86-64, for MS Windows
                                        Category:dropped
                                        Size (bytes):11720
                                        Entropy (8bit):6.615761482304143
                                        Encrypted:false
                                        SSDEEP:
                                        MD5:735636096B86B761DA49EF26A1C7F779
                                        SHA1:E51FFBDDBF63DDE1B216DCCC753AD810E91ABC58
                                        SHA-256:5EB724C51EECBA9AC7B8A53861A1D029BF2E6C62251D00F61AC7E2A5F813AAA3
                                        SHA-512:3D5110F0E5244A58F426FBB72E17444D571141515611E65330ECFEABDCC57AD3A89A1A8B2DC573DA6192212FB65C478D335A86678A883A1A1B68FF88ED624659
                                        Malicious:false
                                        Reputation:unknown
                                        Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........&...Ge..Ge..Ge../e..Ge../a..Ge../...Ge../g..Ge.Rich.Ge.........................PE..d................" .........................................................0......Xc....`.........................................`...<............ ...................!..............T............................................................................rdata..\...........................@..@.rsrc........ ......................@..@................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                        C:\Users\user\AppData\Roaming\Zoom\tmp_bin\api-ms-win-crt-conio-l1-1-0.dll

                                        Download File
                                        Process:C:\Users\user\AppData\Roaming\Zoom\ZoomDownload\Installer.exe
                                        File Type:PE32+ executable (DLL) (console) x86-64, for MS Windows
                                        Category:dropped
                                        Size (bytes):12744
                                        Entropy (8bit):6.627282858694643
                                        Encrypted:false
                                        SSDEEP:
                                        MD5:031DC390780AC08F498E82A5604EF1EB
                                        SHA1:CF23D59674286D3DC7A3B10CD8689490F583F15F
                                        SHA-256:B119ADAD588EBCA7F9C88628010D47D68BF6E7DC6050B7E4B787559F131F5EDE
                                        SHA-512:1468AD9E313E184B5C88FFD79A17C7D458D5603722620B500DBA06E5B831037CD1DD198C8CE2721C3260AB376582F5791958763910E77AA718449B6622D023C7
                                        Malicious:false
                                        Reputation:unknown
                                        Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........&...Ge..Ge..Ge../e..Ge../a..Ge../...Ge../g..Ge.Rich.Ge.........................PE..d..../}..........." .........................................................0......a.....`.........................................0................ ...................!..............T............................................................................rdata.. ...........................@..@.rsrc........ ......................@..@................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                        C:\Users\user\AppData\Roaming\Zoom\tmp_bin\api-ms-win-crt-convert-l1-1-0.dll

                                        Download File
                                        Process:C:\Users\user\AppData\Roaming\Zoom\ZoomDownload\Installer.exe
                                        File Type:PE32+ executable (DLL) (console) x86-64, for MS Windows
                                        Category:dropped
                                        Size (bytes):15816
                                        Entropy (8bit):6.435326465651674
                                        Encrypted:false
                                        SSDEEP:
                                        MD5:285DCD72D73559678CFD3ED39F81DDAD
                                        SHA1:DF22928E43EA6A9A41C1B2B5BFCAB5BA58D2A83A
                                        SHA-256:6C008BE766C44BF968C9E91CDDC5B472110BEFFEE3106A99532E68C605C78D44
                                        SHA-512:84EF0A843798FD6BD6246E1D40924BE42550D3EF239DAB6DB4D423B142FA8F691C6F0603687901F1C52898554BF4F48D18D3AEBD47DE935560CDE4906798C39A
                                        Malicious:false
                                        Reputation:unknown
                                        Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........&...Ge..Ge..Ge../e..Ge../a..Ge../...Ge../g..Ge.Rich.Ge.........................PE..d...x............." .........................................................@.......5....`.........................................0................0...................!..............T............................................................................rdata..............................@..@.rsrc........0......................@..@................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                        C:\Users\user\AppData\Roaming\Zoom\tmp_bin\api-ms-win-crt-environment-l1-1-0.dll

                                        Download File
                                        Process:C:\Users\user\AppData\Roaming\Zoom\ZoomDownload\Installer.exe
                                        File Type:PE32+ executable (DLL) (console) x86-64, for MS Windows
                                        Category:dropped
                                        Size (bytes):12232
                                        Entropy (8bit):6.5874576656353145
                                        Encrypted:false
                                        SSDEEP:
                                        MD5:5CCE7A5ED4C2EBAF9243B324F6618C0E
                                        SHA1:FDB5954EE91583A5A4CBB0054FB8B3BF6235EED3
                                        SHA-256:AA3E3E99964D7F9B89F288DBE30FF18CBC960EE5ADD533EC1B8326FE63787AA3
                                        SHA-512:FC85A3BE23621145B8DC067290BD66416B6B1566001A799975BF99F0F526935E41A2C8861625E7CFB8539CA0621ED9F46343C04B6C41DB812F58412BE9C8A0DE
                                        Malicious:false
                                        Reputation:unknown
                                        Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........&...Ge..Ge..Ge../e..Ge../a..Ge../...Ge../g..Ge.Rich.Ge.........................PE..d...g P..........." .........................................................0............`.........................................0..."............ ...................!..............T............................................................................rdata..R...........................@..@.rsrc........ ......................@..@................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                        C:\Users\user\AppData\Roaming\Zoom\tmp_bin\api-ms-win-crt-filesystem-l1-1-0.dll

                                        Download File
                                        Process:C:\Users\user\AppData\Roaming\Zoom\ZoomDownload\Installer.exe
                                        File Type:PE32+ executable (DLL) (console) x86-64, for MS Windows
                                        Category:dropped
                                        Size (bytes):13768
                                        Entropy (8bit):6.645869978118917
                                        Encrypted:false
                                        SSDEEP:
                                        MD5:41FBBB054AF69F0141E8FC7480D7F122
                                        SHA1:3613A572B462845D6478A92A94769885DA0843AF
                                        SHA-256:974AF1F1A38C02869073B4E7EC4B2A47A6CE8339FA62C549DA6B20668DE6798C
                                        SHA-512:97FB0A19227887D55905C2D622FBF5451921567F145BE7855F72909EB3027F48A57D8C4D76E98305121B1B0CC1F5F2667EF6109C59A83EA1B3E266934B2EB33C
                                        Malicious:false
                                        Reputation:unknown
                                        Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........&...Ge..Ge..Ge../e..Ge../a..Ge../...Ge../g..Ge.Rich.Ge.........................PE..d...r..x.........." .........................................................0.......(....`.........................................0................ ...................!..............T............................................................................rdata..............................@..@.rsrc........ ......................@..@................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                        C:\Users\user\AppData\Roaming\Zoom\tmp_bin\api-ms-win-crt-heap-l1-1-0.dll

                                        Download File
                                        Process:C:\Users\user\AppData\Roaming\Zoom\ZoomDownload\Installer.exe
                                        File Type:PE32+ executable (DLL) (console) x86-64, for MS Windows
                                        Category:dropped
                                        Size (bytes):12744
                                        Entropy (8bit):6.564006501134889
                                        Encrypted:false
                                        SSDEEP:
                                        MD5:212D58CEFB2347BD694B214A27828C83
                                        SHA1:F0E98E2D594054E8A836BD9C6F68C3FE5048F870
                                        SHA-256:8166321F14D5804CE76F172F290A6F39CE81373257887D9897A6CF3925D47989
                                        SHA-512:637C215ED3E781F824AE93A0E04A7B6C0A6B1694D489E9058203630DCFC0B8152F2EB452177EA9FD2872A8A1F29C539F85A2F2824CF50B1D7496FA3FEBE27DFE
                                        Malicious:false
                                        Reputation:unknown
                                        Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........&...Ge..Ge..Ge../e..Ge../a..Ge../...Ge../g..Ge.Rich.Ge.........................PE..d...h{............" .........................................................0......J(....`.........................................0................ ...................!..............T............................................................................rdata..F...........................@..@.rsrc........ ......................@..@................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                        C:\Users\user\AppData\Roaming\Zoom\tmp_bin\api-ms-win-crt-locale-l1-1-0.dll

                                        Download File
                                        Process:C:\Users\user\AppData\Roaming\Zoom\ZoomDownload\Installer.exe
                                        File Type:PE32+ executable (DLL) (console) x86-64, for MS Windows
                                        Category:dropped
                                        Size (bytes):12232
                                        Entropy (8bit):6.678162783983714
                                        Encrypted:false
                                        SSDEEP:
                                        MD5:242829C7BE4190564BECEE51C7A43A7E
                                        SHA1:663154C1437ACF66480518068FBC756F5CABB72F
                                        SHA-256:EDC1699E9995F98826DF06D2C45BEB9E02AA7817BAE3E61373096AE7F6FA06E0
                                        SHA-512:3529FDE428AFFC3663C5C69BAEE60367A083841B49583080F0C4C7E72EAA63CABBF8B9DA8CCFC473B3C552A0453405A4A68FCD7888D143529D53E5EEC9A91A34
                                        Malicious:false
                                        Reputation:unknown
                                        Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........&...Ge..Ge..Ge../e..Ge../a..Ge../...Ge../g..Ge.Rich.Ge.........................PE..d...+P............" .........................................................0......@.....`.........................................0...e............ ...................!..............T............................................................................rdata..............................@..@.rsrc........ ......................@..@................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                        C:\Users\user\AppData\Roaming\Zoom\tmp_bin\api-ms-win-crt-math-l1-1-0.dll

                                        Download File
                                        Process:C:\Users\user\AppData\Roaming\Zoom\ZoomDownload\Installer.exe
                                        File Type:PE32+ executable (DLL) (console) x86-64, for MS Windows
                                        Category:dropped
                                        Size (bytes):20928
                                        Entropy (8bit):6.2047011292890195
                                        Encrypted:false
                                        SSDEEP:
                                        MD5:FB79420EC05AA715FE76D9B89111F3E2
                                        SHA1:15C6D65837C9979AF7EC143E034923884C3B0DBD
                                        SHA-256:F6A93FE6B57A54AAC46229F2ED14A0A979BF60416ADB2B2CFC672386CCB2B42E
                                        SHA-512:C40884C80F7921ADDCED37B1BF282BB5CB47608E53D4F4127EF1C6CE7E6BB9A4ADC7401389BC8504BF24751C402342693B11CEF8D06862677A63159A04DA544E
                                        Malicious:false
                                        Reputation:unknown
                                        Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........&...Ge..Ge..Ge../e..Ge../a..Ge../...Ge../g..Ge.Rich.Ge.........................PE..d...IV............" .........,...............................................P.......e....`.........................................0....%...........@...............0...!..............T............................................................................rdata...&.......(..................@..@.rsrc........@.......,..............@..@................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                        C:\Users\user\AppData\Roaming\Zoom\tmp_bin\api-ms-win-crt-multibyte-l1-1-0.dll

                                        Download File
                                        Process:C:\Users\user\AppData\Roaming\Zoom\ZoomDownload\Installer.exe
                                        File Type:PE32+ executable (DLL) (console) x86-64, for MS Windows
                                        Category:dropped
                                        Size (bytes):19904
                                        Entropy (8bit):6.189411151090302
                                        Encrypted:false
                                        SSDEEP:
                                        MD5:A5B920F24AEA5C2528FE539CD7D20105
                                        SHA1:3FAE25B81DC65923C1911649ED19F193ADC7BDDE
                                        SHA-256:5B3E29116383BA48A2F46594402246264B4CB001023237EBBF28E7E9292CDB92
                                        SHA-512:F77F83C7FAD442A9A915ABCBC2AF36198A56A1BC93D1423FC22E6016D5CC53E47DE712E07C118DD85E72D4750CA450D90FDB6F9544D097AFC170AEECC5863158
                                        Malicious:false
                                        Reputation:unknown
                                        Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........&...Ge..Ge..Ge../e..Ge../a..Ge../...Ge../g..Ge.Rich.Ge.........................PE..d.../..N.........." .........(...............................................P......C.....`.........................................0.... ...........@...............,...!..............T............................................................................rdata..$".......$..................@..@.rsrc........@.......(..............@..@................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                        C:\Users\user\AppData\Roaming\Zoom\tmp_bin\api-ms-win-crt-private-l1-1-0.dll

                                        Download File
                                        Process:C:\Users\user\AppData\Roaming\Zoom\ZoomDownload\Installer.exe
                                        File Type:PE32+ executable (DLL) (console) x86-64, for MS Windows
                                        Category:dropped
                                        Size (bytes):64456
                                        Entropy (8bit):5.53593950821058
                                        Encrypted:false
                                        SSDEEP:
                                        MD5:5C2004DAF398620211F0AD9781FF4EC2
                                        SHA1:E43DD814E90330880EE75259809EEE7B91B4FFA6
                                        SHA-256:55BC91A549D22B160AE4704485E19DEE955C7C2534E7447AFB84801EE629639B
                                        SHA-512:11EDBBC662584BB1DEA37D1B23C56426B970D127F290F3BE21CD1BA0A80D1F202047ABB80D8460D17A7CACF095DE90B78A54F7C7EC395043D54B49FFE688DF51
                                        Malicious:false
                                        Reputation:unknown
                                        Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........&...Ge..Ge..Ge../e..Ge../a..Ge../...Ge../g..Ge.Rich.Ge.........................PE..d......F.........." ......................................................................`.........................................0...T................................!..............T............................................................................rdata..............................@..@.rsrc...............................@..@................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                        C:\Users\user\AppData\Roaming\Zoom\tmp_bin\api-ms-win-crt-process-l1-1-0.dll

                                        Download File
                                        Process:C:\Users\user\AppData\Roaming\Zoom\ZoomDownload\Installer.exe
                                        File Type:PE32+ executable (DLL) (console) x86-64, for MS Windows
                                        Category:dropped
                                        Size (bytes):12736
                                        Entropy (8bit):6.592404054572702
                                        Encrypted:false
                                        SSDEEP:
                                        MD5:DD899C6FFECCE1DCA3E1C3B9BA2C8DA2
                                        SHA1:2914B84226F5996161EB3646E62973B1E6C9E596
                                        SHA-256:191F53988C7F02DD888C4FBF7C1D3351570F3B641146FAE6D60ACDAE544771AE
                                        SHA-512:2DB47FAA025C797D8B9B82DE4254EE80E499203DE8C6738BD17DDF6A77149020857F95D0B145128681A3084B95C7D14EB678C0A607C58B76137403C80FE8F856
                                        Malicious:false
                                        Reputation:unknown
                                        Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........&...Ge..Ge..Ge../e..Ge../a..Ge../...Ge../g..Ge.Rich.Ge.........................PE..d...P..D.........." .........................................................0......N.....`.........................................0...x............ ...................!..............T............................................................................rdata..............................@..@.rsrc........ ......................@..@................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                        C:\Users\user\AppData\Roaming\Zoom\tmp_bin\api-ms-win-crt-runtime-l1-1-0.dll

                                        Download File
                                        Process:C:\Users\user\AppData\Roaming\Zoom\ZoomDownload\Installer.exe
                                        File Type:PE32+ executable (DLL) (console) x86-64, for MS Windows
                                        Category:dropped
                                        Size (bytes):16328
                                        Entropy (8bit):6.449442433945565
                                        Encrypted:false
                                        SSDEEP:
                                        MD5:883120F9C25633B6C688577D024EFD12
                                        SHA1:E4FA6254623A2B4CDEA61712CDFA9C91AA905F18
                                        SHA-256:4390C389BBBF9EC7215D12D22723EFD77BEB4CD83311C75FFE215725ECFD55DC
                                        SHA-512:F17D3B667CC8002F4B6E6B96B630913FA1CB4083D855DB5B7269518F6FF6EEBF835544FA3B737F4FC0EB46CCB368778C4AE8B11EBCF9274CE1E5A0BA331A0E2F
                                        Malicious:false
                                        Reputation:unknown
                                        Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........&...Ge..Ge..Ge../e..Ge../a..Ge../...Ge../g..Ge.Rich.Ge.........................PE..d...9..b.........." .........................................................@......^%....`.........................................0...4............0...................!..............T............................................................................rdata..d...........................@..@.rsrc........0......................@..@................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                        C:\Users\user\AppData\Roaming\Zoom\tmp_bin\api-ms-win-crt-stdio-l1-1-0.dll

                                        Download File
                                        Process:C:\Users\user\AppData\Roaming\Zoom\ZoomDownload\Installer.exe
                                        File Type:PE32+ executable (DLL) (console) x86-64, for MS Windows
                                        Category:dropped
                                        Size (bytes):17864
                                        Entropy (8bit):6.393000322519701
                                        Encrypted:false
                                        SSDEEP:
                                        MD5:29680D7B1105171116A137450C8BB452
                                        SHA1:492BB8C231AAE9D5F5AF565ABB208A706FB2B130
                                        SHA-256:6F6F6E857B347F70ECC669B4DF73C32E42199B834FE009641D7B41A0B1C210AF
                                        SHA-512:87DCF131E21041B06ED84C3A510FE360048DE46F1975155B4B12E4BBF120F2DD0CB74CCD2E8691A39EEE0DA7F82AD39BC65C81F530FC0572A726F0A6661524F5
                                        Malicious:false
                                        Reputation:unknown
                                        Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........&...Ge..Ge..Ge../e..Ge../a..Ge../...Ge../g..Ge.Rich.Ge.........................PE..d.....v..........." ......... ...............................................@............`.........................................0...a............0...............$...!..............T............................................................................rdata..............................@..@.rsrc........0....... ..............@..@................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                        C:\Users\user\AppData\Roaming\Zoom\tmp_bin\api-ms-win-crt-string-l1-1-0.dll

                                        Download File
                                        Process:C:\Users\user\AppData\Roaming\Zoom\ZoomDownload\Installer.exe
                                        File Type:PE32+ executable (DLL) (console) x86-64, for MS Windows
                                        Category:dropped
                                        Size (bytes):18368
                                        Entropy (8bit):6.28071959876622
                                        Encrypted:false
                                        SSDEEP:
                                        MD5:F816666E3FC087CD24828943CB15F260
                                        SHA1:EAE814C9C41E3D333F43890ED7DAFA3575E4C50E
                                        SHA-256:45E0835B1D3B446FE2C347BD87922C53CFB6DD826499E19A1D977BF4C11B0E4A
                                        SHA-512:6860ABE8AB5220EFB88F68B80E6C6E95FE35B4029F46B59BC467E3850FE671BDA1C7C1C7B035B287BDFED5DAEAC879EE481D35330B153EA7EF2532970F62C581
                                        Malicious:false
                                        Reputation:unknown
                                        Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........&...Ge..Ge..Ge../e..Ge../a..Ge../...Ge../g..Ge.Rich.Ge.........................PE..d......e.........." ........."...............................................@......:y....`.........................................0................0...............&...!..............T............................................................................rdata..............................@..@.rsrc........0......."..............@..@................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                        C:\Users\user\AppData\Roaming\Zoom\tmp_bin\api-ms-win-crt-time-l1-1-0.dll

                                        Download File
                                        Process:C:\Users\user\AppData\Roaming\Zoom\ZoomDownload\Installer.exe
                                        File Type:PE32+ executable (DLL) (console) x86-64, for MS Windows
                                        Category:dropped
                                        Size (bytes):14280
                                        Entropy (8bit):6.540126514657828
                                        Encrypted:false
                                        SSDEEP:
                                        MD5:143A735134CD8C889EC7D7B85298705B
                                        SHA1:906AC1F3A933DD57798AE826BBEFA3096C20D424
                                        SHA-256:B48310B0837027F756D62C37EA91AF988BAA403CBCBD01CB26B6FDAE21EA96A2
                                        SHA-512:C9ABE209508AFAE2D1776391F73B658C9A25628876724344023E0FC8A790ECB7DBCE75FDDAE267158D08A8237F83336B1D2BD5B5CE0A8EED7DD41CBE0C031D48
                                        Malicious:false
                                        Reputation:unknown
                                        Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........&...Ge..Ge..Ge../e..Ge../a..Ge../...Ge../g..Ge.Rich.Ge.........................PE..d................." .........................................................0.......>....`.........................................0................ ...................!..............T............................................................................rdata..............................@..@.rsrc........ ......................@..@................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                        C:\Users\user\AppData\Roaming\Zoom\tmp_bin\api-ms-win-crt-utility-l1-1-0.dll

                                        Download File
                                        Process:C:\Users\user\AppData\Roaming\Zoom\ZoomDownload\Installer.exe
                                        File Type:PE32+ executable (DLL) (console) x86-64, for MS Windows
                                        Category:dropped
                                        Size (bytes):12224
                                        Entropy (8bit):6.677792963727018
                                        Encrypted:false
                                        SSDEEP:
                                        MD5:6F1A1DFB2761228CCC7D07B8B190054C
                                        SHA1:117D66360C84A0088626E22D8B3B4B685CB70D56
                                        SHA-256:C81C4BBA4E5F205359AD145963F6FBD074879047C66569F52B6D66711108E1ED
                                        SHA-512:480B4F9179D5DA56010FA90E1937FE3A232F2F8682596C16EEAED08F57CF8CFFEAA506060429501764F695CB6C5B3E56B0037DE948C4D0E3933F022A0B4103D2
                                        Malicious:false
                                        Reputation:unknown
                                        Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........&...Ge..Ge..Ge../e..Ge../a..Ge../...Ge../g..Ge.Rich.Ge.........................PE..d.....t..........." .........................................................0......S.....`.........................................0...^............ ...................!..............T............................................................................rdata..............................@..@.rsrc........ ......................@..@................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                        C:\Users\user\AppData\Roaming\Zoom\tmp_bin\cmmbiz.dll

                                        Download File
                                        Process:C:\Users\user\AppData\Roaming\Zoom\ZoomDownload\Installer.exe
                                        File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                        Category:dropped
                                        Size (bytes):643896
                                        Entropy (8bit):6.296419351516201
                                        Encrypted:false
                                        SSDEEP:
                                        MD5:DEC954D6B8DA74A7FD0557B802F81ED7
                                        SHA1:01E35923264CACBBA5437FA204A515383AECFE52
                                        SHA-256:EE94D7C328C34A983321CB8815FE761D99CF910E9CDEB17B4931179A9885C1DC
                                        SHA-512:181E4C5E4A978D40FEA66A8693C0CA758955551A1A400E80577AA7ABBCEB3E21251FC788ECB3090CFE4B6B36A108A05CC465E619625EB12883D76A0E3B07F771
                                        Malicious:false
                                        Antivirus:
                                        • Antivirus: ReversingLabs, Detection: 0%
                                        Reputation:unknown
                                        Preview:MZ......................@...................................(...........!..L.!This program cannot be run in DOS mode....$.......1...u...u...u...|.F.{...'...}...'...q...'...h...'...s.......q.......w......q.......j...u..........P......t....*.t...u.B.t......t...Richu...........................PE..d....wg.........." .....P...,.......................................................$....`A........................................`:.. ...............h....`..h1...t..8_......,......p.......................(...`...8............`...............................text....O.......P.................. ..`.rdata.......`.......T..............@..@.data...."...0......................@....pdata..h1...`...2...6..............@..@.rsrc...h............h..............@..@.reloc..,............n..............@..B........................................................................................................................................................................................................

                                        C:\Users\user\AppData\Roaming\Zoom\tmp_bin\concrt140.dll

                                        Download File
                                        Process:C:\Users\user\AppData\Roaming\Zoom\ZoomDownload\Installer.exe
                                        File Type:PE32+ executable (DLL) (console) x86-64, for MS Windows
                                        Category:dropped
                                        Size (bytes):309128
                                        Entropy (8bit):6.273650664584428
                                        Encrypted:false
                                        SSDEEP:
                                        MD5:6800ED63E35C5E9BCA30EAD9FD2BC917
                                        SHA1:EE397D85BCBD0E4FAA1CB38125654A80464C427B
                                        SHA-256:9FB6FADB1BB526E2DA08417C656FA8C76377D19D94A7AA3CD88E66B68649871E
                                        SHA-512:1BA5DA0EEA2F1C369483548CE33635940E51DE7134647112B74909A8508748C34E6DDEF1A5DF58A72F24C351CAB2B930D49F0B6E0DD5DC5A05BFE3B01552F756
                                        Malicious:false
                                        Reputation:unknown
                                        Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........_Z..>4.>4.>4.+...>4.F..>4.!O5.>4.>5..>4.!O0.>4.!O7.>4.!O1..>4.!O4.>4.!O..>4.!O6.>4.Rich.>4.........................PE..d...".._.........." ................................................................].....`A........................................ ....M..,................p...6.......#......p....4..T...........................p4..8............................................text............................... ..`.rdata..z2.......4..................@..@.data....?...0...8..................@....pdata...6...p...8...L..............@..@.rsrc...............................@..@.reloc..p...........................@..B................................................................................................................................................................................................................................................

                                        C:\Users\user\AppData\Roaming\Zoom\tmp_bin\msvcp140.dll

                                        Download File
                                        Process:C:\Users\user\AppData\Roaming\Zoom\ZoomDownload\Installer.exe
                                        File Type:PE32+ executable (DLL) (console) x86-64, for MS Windows
                                        Category:dropped
                                        Size (bytes):585096
                                        Entropy (8bit):6.434791126944014
                                        Encrypted:false
                                        SSDEEP:
                                        MD5:5CDE3AED10412762E83B7FE43694A22B
                                        SHA1:4FFCDF063EAFC901105836C27A634530EA614755
                                        SHA-256:10DDFF48D704C6007E4C2D53FB4856B5E5E79479503366236246A323AAA76E9D
                                        SHA-512:FCD7BC262E7BBCBBAC9258E31B8D62EFB2E601AC1FFFAC4C86819C8F2AED26FC19403D992A57D48EC92752B2A0A8B04E8204423D6077C7800EA4015F016FAA23
                                        Malicious:false
                                        Reputation:unknown
                                        Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.................Z.J.....6.......$...P.....P.....P.....P.......P.....P.Z...P.....Rich..........PE..d...'.._.........." .....D..........`'....................................... ......O.....`A........................................p}..h....W..,...............X;.......#......P...x...T...........................@...8............`.. ....y..@....................text...,C.......D.................. ..`.rdata.......`.......H..............@..@.data...H;...p...$...V..............@....pdata..X;.......<...z..............@..@.didat..h...........................@....rsrc...............................@..@.reloc..P...........................@..B........................................................................................................................................................................................................................

                                        C:\Users\user\AppData\Roaming\Zoom\tmp_bin\msvcp140_1.dll

                                        Download File
                                        Process:C:\Users\user\AppData\Roaming\Zoom\ZoomDownload\Installer.exe
                                        File Type:PE32+ executable (DLL) (console) x86-64, for MS Windows
                                        Category:dropped
                                        Size (bytes):23944
                                        Entropy (8bit):5.9733206977422775
                                        Encrypted:false
                                        SSDEEP:
                                        MD5:00BCBB58255D6CBD712E89A3DD0D1810
                                        SHA1:F93D00A573A880E67C9F5C3D9530D4A1D2165E70
                                        SHA-256:E10FB192620193CB721516C30533F71CA6B2A4396B48F3858B571143E94ABA31
                                        SHA-512:6C56FCBB229C4FB0E6F49219BD698F6720804A455B4DEC5309706858491122628E6D1AB9E5F6F32004BD06FAEB48AAF5ED434E8F87D113D3C984B8D00FBA4013
                                        Malicious:false
                                        Reputation:unknown
                                        Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$....................l+A......=....f.....f..........f.....f.....f.....f.Q....f.....Rich...................PE..d...,.._.........." .........$.......................................................9....`A.........................................>..L....@..x....p.......`.......:...#......x...@3..T............................3..8............0..0............................text............................... ..`.rdata.......0......................@..@.data........P.......,..............@....pdata.......`.......0..............@..@.rsrc........p.......4..............@..@.reloc..x............8..............@..B........................................................................................................................................................................................................................................................

                                        C:\Users\user\AppData\Roaming\Zoom\tmp_bin\msvcp140_2.dll

                                        Download File
                                        Process:C:\Users\user\AppData\Roaming\Zoom\ZoomDownload\Installer.exe
                                        File Type:PE32+ executable (DLL) (console) x86-64, for MS Windows
                                        Category:dropped
                                        Size (bytes):186248
                                        Entropy (8bit):6.51645164342066
                                        Encrypted:false
                                        SSDEEP:
                                        MD5:5338E18979B5DBC62235AAB52307B820
                                        SHA1:39F1E5D294AE25ADBDA517F07ED536040591E50B
                                        SHA-256:046739D24A8253914EA8048E2C136CBBA668E62FE5284CC0FF5DB5F350B9DA2C
                                        SHA-512:A9728E82F7F212D5D1D57849F0C84DBED1BF1A1CD7A373D1BBE4AF276E20C9225282685FA75E28FE2918F4F293D1C1D2564ACEDE4D5A03C99522EC3D0E4AFEA4
                                        Malicious:false
                                        Reputation:unknown
                                        Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........}. ...s...s...s..Vs...s.d*s...s.m.r...s.m.r...s...s...s.m.r...s.m.r...s.m.r...s.mFs...s.m.r...sRich...s................PE..d...,.._.........." ......................................................................`A.............................................................................#...........K..T........................... L..8...............P............................text............................... ..`.rdata..............................@..@.data...............................@....pdata..............................@..@.rsrc...............................@..@.reloc..............................@..B........................................................................................................................................................................................................................................................

                                        C:\Users\user\AppData\Roaming\Zoom\tmp_bin\msvcp140_atomic_wait.dll

                                        Download File
                                        Process:C:\Users\user\AppData\Roaming\Zoom\ZoomDownload\Installer.exe
                                        File Type:PE32+ executable (DLL) (console) x86-64, for MS Windows
                                        Category:dropped
                                        Size (bytes):41352
                                        Entropy (8bit):4.617522198346172
                                        Encrypted:false
                                        SSDEEP:
                                        MD5:5906C467C902DBB8089913630DC2A9FB
                                        SHA1:5F29B201AC8A933453C8132E2D3999793F8DC86F
                                        SHA-256:10E99480809EA56D13A477927EF7A36E866310117DFCFEF5D73382F125349181
                                        SHA-512:320300568A5B686E65F66D3A7E378B8DBA1A5F909DB9B804AB0F63F36047FA4901F017B2DB3EFB458923A75A078266E3C61FA1EAA8D916228ABFF309A9EC6C9E
                                        Malicious:false
                                        Reputation:unknown
                                        Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$..........A..{...{...{.%.....{.......{./.....{./.x...{...z...{./.z...{./.~...{./.{...{./....{./.y...{.Rich..{.................PE..d...,.._.........." .................................................................o....`A.........................................9..|...l=..x.......0.......L....~...#......D....2..T...........................P3..8............0..X............................text............................... ..`.rdata.......0......................@..@.data...H....P...B...,..............@....pdata..L............n..............@..@.rsrc...0............r..............@..@.reloc..D............x..............@..B........................................................................................................................................................................................................................................................

                                        C:\Users\user\AppData\Roaming\Zoom\tmp_bin\msvcp140_codecvt_ids.dll

                                        Download File
                                        Process:C:\Users\user\AppData\Roaming\Zoom\ZoomDownload\Installer.exe
                                        File Type:PE32+ executable (DLL) (console) x86-64, for MS Windows
                                        Category:dropped
                                        Size (bytes):20360
                                        Entropy (8bit):6.090466496933911
                                        Encrypted:false
                                        SSDEEP:
                                        MD5:30C4C228DCC865340AE407203A5A5496
                                        SHA1:2015AA10F1228764D41565DEF61178B6871DB139
                                        SHA-256:A10CDBC9C42EC9829D0F54AA0ADB75D0F990D40735EEE5D8D6C0BF790019EDCC
                                        SHA-512:01931A3979A7A49B6BE4CB20380323396F8DA392E6778451110422DBB4A6B5A8BA65E8C9399B89C325B3909D6EEF680A77AF316BEB98E5E4A013C143D22D3920
                                        Malicious:false
                                        Reputation:unknown
                                        Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......=4/.yUANyUANyUAN..N{UANp-.N{UANyU@NYUAN.$@OzUAN.$EO~UAN.$BO{UAN.$DOrUAN.$AOxUAN.$.NxUAN.$COxUANRichyUAN........PE..d...,.._.........." ................@........................................p............`A.........................................'..0....)..P....P..0....@.......,...#...`..$....!..T............................!..8............ ...............................text...X........................... ..`.rdata....... ......................@..@.data........0....... ..............@....pdata.......@......."..............@..@.rsrc...0....P.......$..............@..@.reloc..$....`.......*..............@..B................................................................................................................................................................................................................................................................

                                        C:\Users\user\AppData\Roaming\Zoom\tmp_bin\ucrtbase.dll

                                        Download File
                                        Process:C:\Users\user\AppData\Roaming\Zoom\ZoomDownload\Installer.exe
                                        File Type:PE32+ executable (DLL) (console) x86-64, for MS Windows
                                        Category:dropped
                                        Size (bytes):1011656
                                        Entropy (8bit):6.634681451959805
                                        Encrypted:false
                                        SSDEEP:
                                        MD5:61EB0AD4C285B60732353A0CB5C9B2AB
                                        SHA1:21A1BEA01F6CA7E9828A522C696853706D0A457B
                                        SHA-256:10521FE73FE05F2BA95D40757D9F676F2091E2ED578DA9D5CDEF352F986F3BCD
                                        SHA-512:44CD871F48B5193ABB3B9664DBEA8CDAD19E72C47B6967C685CF1CC803BC9ABB48A8A93009C972EF4936E7F78E3C92110828790AA0A9D26B80E6A523BBCD830D
                                        Malicious:false
                                        Reputation:unknown
                                        Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......Qp...............ib.&...........Ny......Ny......Ny..$...Ny..H...Ny..-...Ny..^...Ny......Ny......Rich............PE..d.....\.........." .........^.......6..............................................e.....`A........................................p.......d........................N...!...........i..T............................2..............h`...............................text............................... ..`.rdata...t... ...v..................@..@.data....$...........|..............@....pdata..............................@..@.rsrc................<..............@..@.reloc...............B..............@..B................................................................................................................................................................................................................................................................

                                        C:\Users\user\AppData\Roaming\Zoom\tmp_bin\vccorlib140.dll

                                        Download File
                                        Process:C:\Users\user\AppData\Roaming\Zoom\ZoomDownload\Installer.exe
                                        File Type:PE32+ executable (DLL) (console) x86-64, for MS Windows
                                        Category:dropped
                                        Size (bytes):330120
                                        Entropy (8bit):5.951872724913285
                                        Encrypted:false
                                        SSDEEP:
                                        MD5:0248B7DF1783F7D15C17139C2A8E5476
                                        SHA1:F868D77E740F714348582ACA818535472E923E18
                                        SHA-256:D79236E5EF69F842451FDB1A70C4C51295B01405972E943A624719219EA5F7E8
                                        SHA-512:7FDA2942A50FB137AB53C61E17B966D01C86D205B26D08B5842327F5C3803F714DFAB855F86B468B2F8ADA8B69DDD3FA8E4DCE896668B1BF28A6C560F7738E76
                                        Malicious:false
                                        Reputation:unknown
                                        Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.........................#..............................._..........................O...........Rich............................PE..d......_.........." .........f......P~.......................................0.......7....`A.............................................>..t...,................ .......#..........`...T...............................8............................................text............................... ..`.rdata...v.......x..................@..@.data...(.... ......................@....pdata... ......."..................@..@.rsrc...............................@..@.reloc..............................@..B........................................................................................................................................................................................................................................

                                        C:\Users\user\AppData\Roaming\Zoom\tmp_bin\vcruntime140.dll

                                        Download File
                                        Process:C:\Users\user\AppData\Roaming\Zoom\ZoomDownload\Installer.exe
                                        File Type:PE32+ executable (DLL) (console) x86-64, for MS Windows
                                        Category:dropped
                                        Size (bytes):94088
                                        Entropy (8bit):6.4315064777018955
                                        Encrypted:false
                                        SSDEEP:
                                        MD5:7942BE5474A095F673582997AE3054F1
                                        SHA1:E982F6EBC74D31153BA9738741A7EEC03A9FA5E8
                                        SHA-256:8EE6B49830436FF3BEC9BA89213395427B5535813930489F118721FD3D2D942C
                                        SHA-512:49FBC9D441362B65A8D78B73D4FDCF988F22D38A35A36A233FCD54E99E95E29B804BE7EABE2B174188C7860EBB34F701E13ED216F954886A285BED7127619039
                                        Malicious:false
                                        Reputation:unknown
                                        Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......(r%Ml.K.l.K.l.K....n.K.ek..g.K.l.J.@.K..bH.a.K..bO.|.K..bN.s.K..bK.m.K..b..m.K..bI.m.K.Richl.K.........................PE..d...".._.........." .........^............................................................`A.........................................1..4....9.......p.......P.......L...#..........H...T...............................8............................................text............................... ..`.rdata...?.......@..................@..@.data...@....@.......4..............@....pdata.......P.......8..............@..@_RDATA.......`.......D..............@..@.rsrc........p.......F..............@..@.reloc...............J..............@..B................................................................................................................................................................................................................

                                        C:\Users\user\AppData\Roaming\Zoom\tmp_bin\vcruntime140_1.dll

                                        Download File
                                        Process:C:\Users\user\AppData\Roaming\Zoom\ZoomDownload\Installer.exe
                                        File Type:PE32+ executable (DLL) (console) x86-64, for MS Windows
                                        Category:dropped
                                        Size (bytes):36744
                                        Entropy (8bit):6.338930426001045
                                        Encrypted:false
                                        SSDEEP:
                                        MD5:AB03551E4EF279ABED2D8C4B25F35BB8
                                        SHA1:09BC7E4E1A8D79EE23C0C9C26B1EA39DE12A550E
                                        SHA-256:F8BC270449CA6BB6345E88BE3632D465C0A7595197C7954357DC5066ED50AE44
                                        SHA-512:0E7533B8D7E5019FFD1E73937C1627213711725E88C6D7321588F7FFFE9E1B4EF5C38311548ADBD2C0EE9B407135646593BF1498CBEE92275F4E0A22ACE78909
                                        Malicious:false
                                        Reputation:unknown
                                        Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$................].l...W................W.....W.....W.....W.....W.|...W.....Rich..........PE..d...&.._.........." .....:...4......pA............................................... ....`A.........................................k......,l..x....................l...#......<...(b..T............................b..8............P..X............................text....9.......:.................. ..`.rdata..@!...P..."...>..............@..@.data... ............`..............@....pdata...............b..............@..@.rsrc................f..............@..@.reloc..<............j..............@..B................................................................................................................................................................................................................................................................

                                        C:\Users\user\AppData\Roaming\Zoom\tmp_uninstall\Installer.exe (copy)

                                        Download File
                                        Process:C:\Users\user\AppData\Roaming\Zoom\ZoomDownload\Installer.exe
                                        File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                        Category:dropped
                                        Size (bytes):0
                                        Entropy (8bit):0.0
                                        Encrypted:false
                                        SSDEEP:
                                        MD5:AFF1F413011817C52B1F3F1CF4995985
                                        SHA1:6DB4D8B4C9D882DA1011ADC31981D928C86572CA
                                        SHA-256:4AAF73E7691FB06A06CFDC303C9C82A38C549AFA5FC0034E06D4F49074ACD26F
                                        SHA-512:D387D43F62701D43BF61D25C8A608A64415335A0EF2CB5D95CA5BC9F5A5D9853550BEFD38B0E2E68E2161B378AF0E5BECC6FDDF25900040C37689BD5B883B3AA
                                        Malicious:false
                                        Reputation:unknown
                                        Preview:MZ......................@................................... ...........!..L.!This program cannot be run in DOS mode....$.......v.J.2.$Q2.$Q2.$Q;..Q".$QT..Q3.$Q`. P:.$Q`.'P6.$Q`.!P/.$Q`.%P4.$Qi."P0.$Q..%P0.$Q..!P*.$Qi.%P).$Q2.%Q..$Q..-P..$Q..$P3.$Q...Q3.$Q2..Q3.$Q..&P3.$QRich2.$Q........PE..d.....wg.........." ......................................................................`A................................................,....................>......8_..............p.......................(.......8............................................text............................... ..`.rdata..nA.......B..................@..@.data...@/...`.......F..............@....pdata...>.......@...Z..............@..@.rsrc...............................@..@.reloc..............................@..B................................................................................................................................................................................................................

                                        C:\Users\user\AppData\Roaming\Zoom\zoom_install_src\CptControl.exe

                                        Download File
                                        Process:C:\Users\user\AppData\Roaming\Zoom\ZoomDownload\Installer.exe
                                        File Type:PE32+ executable (GUI) x86-64, for MS Windows
                                        Category:dropped
                                        Size (bytes):176952
                                        Entropy (8bit):6.440331372746823
                                        Encrypted:false
                                        SSDEEP:
                                        MD5:A04089C86829F65E693A35B4EFD7CE0E
                                        SHA1:EAC62FE99F2F5274E1CFEB0E507973762D0B7A52
                                        SHA-256:17DD429CDF6992EDCA98296027EF3B1EC2D634E56DAB0683193A103D43B7FE7A
                                        SHA-512:4914E004377C20C6BBF8113E1040FE7DEFED96E515714E7DF70F199C75FFB3F6BB56C7CBB019564B8F4FD4574334C90461D63091749BB0C90379F95EB4171F3B
                                        Malicious:false
                                        Antivirus:
                                        • Antivirus: ReversingLabs, Detection: 0%
                                        Reputation:unknown
                                        Preview:MZ......................@................................... ...........!..L.!This program cannot be run in DOS mode....$.......%.K4a.%ga.%ga.%gh.gq.%g...g`.%g3.!fk.%g3.&fb.%g3. fB.%g3.$fg.%g:.#f`.%g:.$ft.%ga.$g{.%g.. fp.%g..,fc.%g...g`.%ga..g`.%g..'f`.%gRicha.%g........................PE..d...k.wg.........."............................@.........................................`.....................................................|............`..x....T..8_..............p.......................(... ...8...............8............................text.............................. ..`.rdata.. ...........................@..@.data...`....@.......$..............@....pdata..x....`.......0..............@..@.rsrc................J..............@..@.reloc...............P..............@..B................................................................................................................................................................................................................

                                        C:\Users\user\AppData\Roaming\Zoom\zoom_install_src\CptHost.exe

                                        Download File
                                        Process:C:\Users\user\AppData\Roaming\Zoom\ZoomDownload\Installer.exe
                                        File Type:PE32+ executable (GUI) x86-64, for MS Windows
                                        Category:dropped
                                        Size (bytes):997176
                                        Entropy (8bit):5.931598349330735
                                        Encrypted:false
                                        SSDEEP:
                                        MD5:B5579FFCB31F9ADD4A8193A3BD2E1BD2
                                        SHA1:BA705E6DED191A1052DF1375F53833BACCEFFF01
                                        SHA-256:1F04D3F7FE274410F530683029FE7D8D58A6449A1F98AE7BF6D16966FCF25AAF
                                        SHA-512:9825E135D6A8EA1D2A573894CFE00C8ED1652FE5D4EB5A09F196F487EBFB28C94D630B404743D0103330E95E9FFFD02408F7E090BCFFE1137544CD946E4731BE
                                        Malicious:false
                                        Antivirus:
                                        • Antivirus: ReversingLabs, Detection: 0%
                                        Reputation:unknown
                                        Preview:MZ......................@...................................0...........!..L.!This program cannot be run in DOS mode....$.......9Dr0}%.c}%.c}%.ct].co%.c.J.c|%.c/P.bw%.c/P.by%.c/P.b{%.c/P.bQ%.c&M.b.%.c&M.b.%.c.P.b.%.c&M.bZ%.c.P.bq%.c}%.c.'.c.P.bu%.c.P.b=%.c.P.c|%.c}%.c|%.c.P.b|%.cRich}%.c................PE..d.....wg.........."......r.....................@.............................0.......G....`.....................................................l................f......8_... ..4.......T.......................(.......8...............P.......@....................text...<q.......r.................. ..`.rdata..&m.......n...v..............@..@.data...X........p..................@....pdata...f.......f...T..............@..@.didat..............................@....rsrc...............................@..@.reloc..4.... ......................@..B........................................................................................................................................................

                                        C:\Users\user\AppData\Roaming\Zoom\zoom_install_src\CptInstall.exe

                                        Download File
                                        Process:C:\Users\user\AppData\Roaming\Zoom\ZoomDownload\Installer.exe
                                        File Type:PE32+ executable (GUI) x86-64, for MS Windows
                                        Category:dropped
                                        Size (bytes):410936
                                        Entropy (8bit):6.4421069733856875
                                        Encrypted:false
                                        SSDEEP:
                                        MD5:96392A225E98E4DBB229CB589D4D75F7
                                        SHA1:701402147283FBDFDD57A3D22B1122F469784631
                                        SHA-256:C5DEA99C88232E640274BDC2D8E15DF5A801F1F9BDFE6DCE4C3ECFF28A861813
                                        SHA-512:D3CC0AE8806D9C306D274282DC065FF2C71C07884747C7512FFFC3897E0EB2A2E3AAEC5790812A366F23B0E1EAF3352996367C96DF7A61680E6F34C10AEDF15A
                                        Malicious:false
                                        Antivirus:
                                        • Antivirus: ReversingLabs, Detection: 0%
                                        Reputation:unknown
                                        Preview:MZ......................@................................... ...........!..L.!This program cannot be run in DOS mode....$.........q:No.iNo.iNo.i...h]o.i...hEo.i...h.o.i(..iOo.i...h_o.i...hDo.i...h.o.i...hOo.i...h[o.iNo.iLn.i...h[o.i...hMo.i...iOo.iNo.iOo.i...hOo.iRichNo.i................PE..d.....wg.........."............................@.............................P............`..........................................................0...........6......8_...@......0$..p....................&..(....$..8............................................text...l........................... ..`.rdata..............................@..@.data....9..........................@....pdata...6.......8..................@..@_RDATA....... ......................@..@.rsrc........0......................@..@.reloc.......@......................@..B........................................................................................................................................................................

                                        C:\Users\user\AppData\Roaming\Zoom\zoom_install_src\CptService.exe

                                        Download File
                                        Process:C:\Users\user\AppData\Roaming\Zoom\ZoomDownload\Installer.exe
                                        File Type:PE32+ executable (GUI) x86-64, for MS Windows
                                        Category:dropped
                                        Size (bytes):405304
                                        Entropy (8bit):6.44687968206303
                                        Encrypted:false
                                        SSDEEP:
                                        MD5:DD1D230816B12AE21E95C3E99EBE6F04
                                        SHA1:A17B9F3BB68F1571B53A6383C9ADCE06401F8625
                                        SHA-256:7C11AE58EA5E7FC5575A20FFD7DAD86427C147CF3D2BA50110BF00654E78776C
                                        SHA-512:2D7A730BE0C60220DFDA7D426E9C964EAE82B7A0782C331AA018F192AFC2F5C0EA367290E8E415C06AD590827F52643E820083D0B2DD81CB5CF9E3DA94007E92
                                        Malicious:false
                                        Antivirus:
                                        • Antivirus: ReversingLabs, Detection: 0%
                                        Reputation:unknown
                                        Preview:MZ......................@...................................(...........!..L.!This program cannot be run in DOS mode....$........?.^.^{..^{..^{..6...^{..6x..^{..6~._^{..1...^{..+...^{..+x..^{..+~..^{..6}..^{..6z..^{..^z.._{.=+~..^{.=+r..^{.=+...^{..^...^{.=+y..^{.Rich.^{.........................PE..d.....wg..........".................0..........@.............................@......+.....`..................................................o....... ...........5......8_...0..........p.......................(...P...8...............x............................text...l........................... ..`.rdata..H...........................@..@.data...d9...........l..............@....pdata...5.......6..................@..@_RDATA..............................@..@.rsrc........ ......................@..@.reloc.......0......................@..B................................................................................................................................................................

                                        C:\Users\user\AppData\Roaming\Zoom\zoom_install_src\CptShare.dll

                                        Download File
                                        Process:C:\Users\user\AppData\Roaming\Zoom\ZoomDownload\Installer.exe
                                        File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                        Category:dropped
                                        Size (bytes):396600
                                        Entropy (8bit):6.368456601020734
                                        Encrypted:false
                                        SSDEEP:
                                        MD5:AFF1F413011817C52B1F3F1CF4995985
                                        SHA1:6DB4D8B4C9D882DA1011ADC31981D928C86572CA
                                        SHA-256:4AAF73E7691FB06A06CFDC303C9C82A38C549AFA5FC0034E06D4F49074ACD26F
                                        SHA-512:D387D43F62701D43BF61D25C8A608A64415335A0EF2CB5D95CA5BC9F5A5D9853550BEFD38B0E2E68E2161B378AF0E5BECC6FDDF25900040C37689BD5B883B3AA
                                        Malicious:false
                                        Antivirus:
                                        • Antivirus: ReversingLabs, Detection: 0%
                                        Reputation:unknown
                                        Preview:MZ......................@................................... ...........!..L.!This program cannot be run in DOS mode....$.......v.J.2.$Q2.$Q2.$Q;..Q".$QT..Q3.$Q`. P:.$Q`.'P6.$Q`.!P/.$Q`.%P4.$Qi."P0.$Q..%P0.$Q..!P*.$Qi.%P).$Q2.%Q..$Q..-P..$Q..$P3.$Q...Q3.$Q2..Q3.$Q..&P3.$QRich2.$Q........PE..d.....wg.........." ......................................................................`A................................................,....................>......8_..............p.......................(.......8............................................text............................... ..`.rdata..nA.......B..................@..@.data...@/...`.......F..............@....pdata...>.......@...Z..............@..@.rsrc...............................@..@.reloc..............................@..B................................................................................................................................................................................................................

                                        C:\Users\user\AppData\Roaming\Zoom\zoom_install_src\Droplet.pcm

                                        Download File
                                        Process:C:\Users\user\AppData\Roaming\Zoom\ZoomDownload\Installer.exe
                                        File Type:data
                                        Category:dropped
                                        Size (bytes):856
                                        Entropy (8bit):7.786798651709208
                                        Encrypted:false
                                        SSDEEP:
                                        MD5:923D4747324854F50ECF69324741C8CA
                                        SHA1:4C19F847FA8FDF55E27B2847BFE09789ADFB9E59
                                        SHA-256:3568DBA00A55D25B736737A48163C13C1348AFC5D4022A29CA0D3724D29FFE9F
                                        SHA-512:4AE265A89F693304FBEEB661D46D0CD96304083AF75B5C245DB63A632F40E08CA280A68F20115C6C38F5202801B29084633FFED4DA16304689C4379F77693A0D
                                        Malicious:false
                                        Reputation:unknown
                                        Preview:#!SILK_V3.W....{...mE+.&.&...`.A....;.X.^..h..(EG..\~.b..pq..........j..9.^?^....}W.`.....c'..k.........o.;J7.{..I~...|.'...C.T...mf.lOW5#q.V$v..k..w......B.d....B..K.....,+...DT....$.k.?z.........b.f..EZ..FI".~X^....8.|...Is.nj7M%8i).Q..~=.......U.....@...~...Z..,.c.i_.~Tb%..b{..[{s..V./....Bk....i.y../d.#/......."...r...h@j......j....}X..f..5.H..^'R....J..........]..M9.......*.o.|p..#..5..$i....i...=...~.N.W...a...K....q@.N.q..n.0.yW.$..n.........".n..,.s.2...C...m7\...o.....3.{<..C.*.Y......l..!...#..@.W..Y.z......s.Y.2.Ke..._..U...)o.~....Us`.2.>.I.j.........i.T.....w'_...8.(l.<....AZ._Z....0g...Q32.5.|.)N}...pq..x=.2..Qn.sZ.=.0^..B....{.......(u......jD.D...9..*....q.7..bV^#..$..F.e..8.ys.m.....Rm....Wm...1.E.....Gq.G2o..).@%.f,...G%r.;.d.V..C....qO..g..K.....}...._.-3......J.]...dG.93..Y...=......

                                        C:\Users\user\AppData\Roaming\Zoom\zoom_install_src\DuiLib.dll

                                        Download File
                                        Process:C:\Users\user\AppData\Roaming\Zoom\ZoomDownload\Installer.exe
                                        File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                        Category:dropped
                                        Size (bytes):2123064
                                        Entropy (8bit):6.53504436842789
                                        Encrypted:false
                                        SSDEEP:
                                        MD5:ED415B512F4AE15C114A70DB0AE3CCD5
                                        SHA1:93CF5A9E17F4DA5A6C456E45645F627B65C50D25
                                        SHA-256:8951C5211FC2BD883A42E4C789D9C3A395D4EFC4EC29C10F8671E31BA2D2F8EC
                                        SHA-512:72C4A77B629BABA997B5CAF3036671F60A8FC79BB25F35843EBCEF033975DB6F65A3A996CED6EB59994D1A799C677578A5B55A593B322214EFF2E7CAB855E35B
                                        Malicious:false
                                        Antivirus:
                                        • Antivirus: ReversingLabs, Detection: 0%
                                        Reputation:unknown
                                        Preview:MZ......................@................................... ...........!..L.!This program cannot be run in DOS mode....$.........^$.g0w.g0w.g0w...w.g0w..5v.g0w..4v.g0w..3v.g0w..7v.g0w..5v.g0w..1v.g0w..4v.g0w..5v.g0w..1v.g0w.g1w.e0w..4v.g0w..5v.g0w..0v.g0w...w.g0w..2v.g0wRich.g0w........PE..d....wg.........." .....0..........0........................................@ .....B. ...`A........................................`...._..t...l...............H..... .8_......4.......T.......................(...@...8............@...............................text............0.................. ..`.rdata.......@.......4..............@..@.data....T...P...F...>..............@....pdata..H...........................@..@.rsrc...............................@..@.reloc..4...........................@..B................................................................................................................................................................................................................

                                        C:\Users\user\AppData\Roaming\Zoom\zoom_install_src\MailClient.dll

                                        Download File
                                        Process:C:\Users\user\AppData\Roaming\Zoom\ZoomDownload\Installer.exe
                                        File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                        Category:dropped
                                        Size (bytes):3200312
                                        Entropy (8bit):6.3945408968825435
                                        Encrypted:false
                                        SSDEEP:
                                        MD5:AF875A5257CAE3CEB7D52A6BFCC3E51C
                                        SHA1:2270E7DCC19BDAAFD4AB73A98CD05BCDA0B9629E
                                        SHA-256:75F9E4E3519BE3BE8A6315FDA0B2575A3B7196530CEDA3AB74835DB059970009
                                        SHA-512:DA09EE97290B4CD7E189A177BAD52FFF476E8FAFB3491DFA9B0D2DE551359E0267CC53C608E9744154B1C3681F1366506B269D806B60BB8CE288141308068A06
                                        Malicious:false
                                        Antivirus:
                                        • Antivirus: ReversingLabs, Detection: 0%
                                        Reputation:unknown
                                        Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.........m..`...`...`.......`.......`.......`.......`.......`.......`.......`...`...c.......`.......`.......`.......`...`...`.......`..Rich.`..................PE..d...?.wg.........." ......#..D......p.........................................4......1...`A..........................................,.....(.,...... 4.h.....2......v0.8_...04.4A...&'.p....................)'.(...`''.8............ #..............................text.....#.......#................. ..`.rdata....... #.. ....#.............@..@.data....L...@-..n...2-.............@....pdata........2.....................@..@.rsrc...h.... 4.......0.............@..@.reloc..4A...04..B...40.............@..B........................................................................................................................................................................................................................

                                        C:\Users\user\AppData\Roaming\Zoom\zoom_install_src\UIBase.dll

                                        Download File
                                        Process:C:\Users\user\AppData\Roaming\Zoom\ZoomDownload\Installer.exe
                                        File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                        Category:dropped
                                        Size (bytes):1911608
                                        Entropy (8bit):6.421540894274962
                                        Encrypted:false
                                        SSDEEP:
                                        MD5:8C986F17E6F33EC5BF0600D5E45763D7
                                        SHA1:61EECE14843E60A7D4935492D3C0B8C4273DDB7E
                                        SHA-256:DEAB0F10CA46BBDF1AED714B009B450A1600E88736AA5114DFC0AE2334D7A10A
                                        SHA-512:99729721630E13D265F87E802243C5F0ED71D9DFE3D4CC0968E8E436DE1CE2A6390B1E9BCD4AF4D0D526E19F94EACF3C499E841EE13DA59AB9E75580F4AA96CE
                                        Malicious:false
                                        Antivirus:
                                        • Antivirus: ReversingLabs, Detection: 0%
                                        Reputation:unknown
                                        Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......X..5...f...f...f...f...fN.g...fN.g...fG.g...fN.g...fN.g:..fG.g...fG.g...fG.g>..f..g...f...f...f..ge..f..g...f..hf...f..g...fRich...f........PE..d...9.wg.........." .........0.......j..............................................g.....`A.........................................3...................l... ..\.......8_...P..8...P...T.......................(.......8................=...........................text...N........................... ..`.rdata..|...........................@..@.data....g.......V..................@....pdata..\.... ......................@..@.rsrc....l.......n..................@..@.reloc..8....P......................@..B........................................................................................................................................................................................................................

                                        C:\Users\user\AppData\Roaming\Zoom\zoom_install_src\WebView2Loader.dll

                                        Download File
                                        Process:C:\Users\user\AppData\Roaming\Zoom\ZoomDownload\Installer.exe
                                        File Type:PE32+ executable (DLL) (console) x86-64, for MS Windows
                                        Category:dropped
                                        Size (bytes):162368
                                        Entropy (8bit):6.1918256403694265
                                        Encrypted:false
                                        SSDEEP:
                                        MD5:AEE20EF43CF692C9080C5973B1B79855
                                        SHA1:B3885791B0E122F8360D6FB7C0E0AC7FE4FA14FB
                                        SHA-256:31423E905E29C8A40A483E81DAE1491990805FA066634D218B35BB96692BEF0D
                                        SHA-512:EAB6684095C0A7555D921FB1A2E136FA1D761C5766C48571000A97403E6D437A3A4833C571F86C039AA8307FB2FC3FAE1ACFFD63085AE9D2EA0D9E7F9EC1ACE6
                                        Malicious:false
                                        Antivirus:
                                        • Antivirus: ReversingLabs, Detection: 0%
                                        Reputation:unknown
                                        Preview:MZx.....................@...................................x...........!..L.!This program cannot be run in DOS mode.$..PE..d...U2me.........." .....N...........K..............................................l.....`A....................................................(............@.......R..@(..........l...T.......................(....a..@...........h...........`....................text....L.......N.................. ..`.rdata.......`.......R..............@..@.data........ ......................@....pdata.......@......................@..@.00cfg..8....`.......*..............@..@.gxfg........p.......,..............@..@.retplne.............>...................tls.................@..............@..._RDATA..\............B..............@..@.rsrc................D..............@..@.reloc...............J..............@..B................................................................................................................................................................................

                                        C:\Users\user\AppData\Roaming\Zoom\zoom_install_src\XmppDll.dll

                                        Download File
                                        Process:C:\Users\user\AppData\Roaming\Zoom\ZoomDownload\Installer.exe
                                        File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                        Category:dropped
                                        Size (bytes):2224952
                                        Entropy (8bit):6.433548909740773
                                        Encrypted:false
                                        SSDEEP:
                                        MD5:87F90630232BCD0BEBA11B9DDF7C014A
                                        SHA1:8ABD3B33F51DA897A01375F26633640E1A46848E
                                        SHA-256:39B80DF87CC44C82B58004C065B516CF2155FB4C402B3537E3F05AA8E22030F7
                                        SHA-512:E9B0114029924E271BC4785D6D787580D307C8A34A1B027DD470A5BDC399BDA0766499BD47BDE0394B78FFD7F48D8798378527F98333BF48E17DDFF9CB65538A
                                        Malicious:false
                                        Antivirus:
                                        • Antivirus: ReversingLabs, Detection: 0%
                                        Reputation:unknown
                                        Preview:MZ......................@................................... ...........!..L.!This program cannot be run in DOS mode....$.......Vn=$..Sw..Sw..Sw.w.w..Sw@zVv..Sw@zWv..Sw@zPv..Sw@zRv..Sw.zRv..SwIgRv..Sw.zRv..Sw..Rwm.Sw.zZv#.Sw.zSv..Sw.z.w..Sw...w..Sw.zQv..SwRich..Sw........................PE..d.....wg.........." .....n...4...... .........................................!.....2*"...`A.........................................N..L....O........!.@..... .......!.8_....!.. ..p...p.......................(.......8...............h............................text....m.......n.................. ..`.rdata...............r..............@..@.data...............................@....pdata........ ......b .............@..@.rsrc...@.....!......l!.............@..@.reloc... ....!.."...r!.............@..B................................................................................................................................................................................................................

                                        C:\Users\user\AppData\Roaming\Zoom\zoom_install_src\ZMDB.dll

                                        Download File
                                        Process:C:\Users\user\AppData\Roaming\Zoom\ZoomDownload\Installer.exe
                                        File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                        Category:dropped
                                        Size (bytes):1122104
                                        Entropy (8bit):6.629025155408152
                                        Encrypted:false
                                        SSDEEP:
                                        MD5:CAFE0654A8B9B5E3A0B3DA1BA3A826B5
                                        SHA1:99D25D0FDB50659EC1324175E390EBE4EAA96371
                                        SHA-256:59FD260096C12E1DF2E7B67628764ABFE13E73FB3182A6D3105249E442E8AEE9
                                        SHA-512:AE86C3705BAFC8D06C7FDA5FEE5659B1DE78CDD1BA0966F76D9F464863AAC47D15C0B3C3B617D96263B1D7AFAE2D916EFCC4A9CD9D95E20040C870052CB609FC
                                        Malicious:false
                                        Antivirus:
                                        • Antivirus: ReversingLabs, Detection: 0%
                                        Reputation:unknown
                                        Preview:MZ......................@................................... ...........!..L.!This program cannot be run in DOS mode....$..........R...R...R...[.4.\.......Z.......V.......N.......T......V......P......[...R..........J......S....X.S...R.0.S......S...RichR...........................PE..d...R.wg.........." ................p.....................................................`A........................................P[...S.. ...T.......h....`...w......8_......D.......p.......................(...`...8............ ...............................text...<........................... ..`.rdata..B.... ......................@..@.data....g.......\..................@....pdata...w...`...x...0..............@..@.rsrc...h...........................@..@.reloc..D...........................@..B................................................................................................................................................................................................................

                                        C:\Users\user\AppData\Roaming\Zoom\zoom_install_src\ZUI.dll

                                        Download File
                                        Process:C:\Users\user\AppData\Roaming\Zoom\ZoomDownload\Installer.exe
                                        File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                        Category:dropped
                                        Size (bytes):903992
                                        Entropy (8bit):6.343364418189578
                                        Encrypted:false
                                        SSDEEP:
                                        MD5:A1C85AAB8E293B8F6C2FC6F1250A3BDD
                                        SHA1:BFA4BD2B836C299C217427C43B0A403C2C9CE103
                                        SHA-256:51ADAA5FFA9E50B63F860A21F8EE98132A757E32954976462E41F99B9C8CC6F7
                                        SHA-512:AB6F4D150F3011BD8D8CA618DA392C8226081C3A73F1015AC696D09D58329ECACBE502A30D899BFCCCF7D4A288CABBAE2F78B2996D8E55F29DED3C979BCFCBA2
                                        Malicious:false
                                        Antivirus:
                                        • Antivirus: ReversingLabs, Detection: 0%
                                        Reputation:unknown
                                        Preview:MZ......................@................................... ...........!..L.!This program cannot be run in DOS mode....$.......wh$.3.JO3.JO3.JO:q.O?.JOa|ON*.JOa|NN;.JOa|IN7.JOa|KN5.JOhaNN2.JOhaLN2.JOhaKN'.JO.|KN4.JO3.KO..JO.|CNt.JO.|JN2.JO.|.O2.JO3..O2.JO.|HN2.JORich3.JO................PE..d...`.wg.........." .................l..............................................lu....`A............................................D...T........P..p....... X...l..8_...`..`<......T.......................(.......8............................................text...l........................... ..`.rdata..............................@..@.data....}...p...t...X..............@....pdata.. X.......Z..................@..@.rsrc...p....P.......&..............@..@.reloc..`<...`...>..................@..B................................................................................................................................................................................................................

                                        C:\Users\user\AppData\Roaming\Zoom\zoom_install_src\ZZHostIPCSDK.dll

                                        Download File
                                        Process:C:\Users\user\AppData\Roaming\Zoom\ZoomDownload\Installer.exe
                                        File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                        Category:dropped
                                        Size (bytes):294712
                                        Entropy (8bit):6.580746494529271
                                        Encrypted:false
                                        SSDEEP:
                                        MD5:10F0983FBB9F7FD5CA6A28376DAD5E2C
                                        SHA1:9055DB92A679918584A6E50B808E552824B8EB88
                                        SHA-256:3C88FD685462229B2FE3A7F12A6F3E18853D9E036D060667D3A875FB73FB03F3
                                        SHA-512:DF1B2AF9EA89EE7C4F8495C6A9F593167ACBC9C2B892BF2409FD38AA2A79C4CBEBF62EDA1DCEB2F48C2EE7199FBC807C95E611FD4BE04CA5F06E7A09B1AAD13C
                                        Malicious:false
                                        Antivirus:
                                        • Antivirus: ReversingLabs, Detection: 0%
                                        Reputation:unknown
                                        Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......S^k..?...?...?...G...?..EJ...?..EJ...?..EJ...?..EJ...?..LW...?...J...?...J...?..LW...?...?..u>...J...?...J...?...J...?...?...?...J...?..Rich.?..........PE..d.....wg.........." .........Z......p........................................p............`A.........................................s...[..@........P....... ..."... ..8_...`......|...p.......................(.......8............................................text............................... ..`.rdata..............................@..@.data...............................@....pdata..."... ...$..................@..@.rsrc........P......................@..@.reloc.......`......................@..B........................................................................................................................................................................................................................

                                        C:\Users\user\AppData\Roaming\Zoom\zoom_install_src\Zoom.exe

                                        Download File
                                        Process:C:\Users\user\AppData\Roaming\Zoom\ZoomDownload\Installer.exe
                                        File Type:PE32+ executable (GUI) x86-64, for MS Windows
                                        Category:dropped
                                        Size (bytes):434488
                                        Entropy (8bit):6.296156203808814
                                        Encrypted:false
                                        SSDEEP:
                                        MD5:F481F25C82B2CD0302544AAB09BD7884
                                        SHA1:DE1961675872C87D579546751130DE9F557B4F4C
                                        SHA-256:6B2D852ECEE3A416C5ACA9A7C2796EDA4B173BDAE74D5DA398676D42F41EFF6F
                                        SHA-512:BEC5DF4EA6AA12F23F33ABC375979FBC0CA44F45BD57478569A2BE039E6DC83267A108F4C68FB0B71952EEA32CEB240FFCCDE09F44977C85CE67769208E9564F
                                        Malicious:false
                                        Antivirus:
                                        • Antivirus: ReversingLabs, Detection: 0%
                                        Reputation:unknown
                                        Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......Zgz2...a...a...a.~.a...aLs.`9..aLs.`...aLs.`...aLs.`...aEn.`...aEn.`...a.s.`...a.s.`...aEn.`...a...aU..a.s.`...a.s.a...a...a...a.s.`...aRich...a........PE..d...Y.wg.........."..........`.................@..........................................`.................................................(.......................B..8_...p..p.......p.......................(...P...8...............h............................text............................... ..`.rdata.../.......0..................@..@.data....a...0...Z..................@....pdata...............t..............@..@.rsrc..............................@..@.reloc..p....p.......:..............@..B........................................................................................................................................................................................................................

                                        C:\Users\user\AppData\Roaming\Zoom\zoom_install_src\ZoomInstall.xml

                                        Download File
                                        Process:C:\Users\user\AppData\Roaming\Zoom\ZoomDownload\Installer.exe
                                        File Type:XML 1.0 document, ASCII text, with CRLF line terminators
                                        Category:dropped
                                        Size (bytes):11452
                                        Entropy (8bit):4.838018442262877
                                        Encrypted:false
                                        SSDEEP:
                                        MD5:F1F408B9C88E3354E8A68C41D52A1F7B
                                        SHA1:EE204AFC3BDBFAAD00C00253932B9908FFF7D580
                                        SHA-256:D52D6379D4132EF1EE86D6FA1E4346A64048DFA2562954A3F3F075B9B4F5104E
                                        SHA-512:25F83567D86885F6A8E4E80D1EE56FBA6974CB04FB5C0B03C3617EC9E543CCEC2EB365687E6533085DE874B63A1C5ECD4142A71B8699E675638F13FFF96D4D5E
                                        Malicious:false
                                        Reputation:unknown
                                        Preview:<?xml version="1.0" encoding="utf-8"?>..<zoom_installer_root>..<install>.. <fileop>.. <file name="bin" op="addDir" dest="$bin$" ></file>.. <file name="bin" op="addDir" dest="$uninstall$" ></file>......<file name="msaalib.dll" op="add" src="$src$" dest="$bin$" ></file>......<file name="CmmBrowserEngine.dll" op="add" src="$src$" dest="$bin$" ></file>......<file name="Cmmlib.dll" op="add" src="$src$" dest="$bin$" ></file>......<file name="cmmbiz.dll" op="add" src="$src$" dest="$bin$" ></file>......<file name="zUnifyWebView.dll" op="add" src="$src$" dest="$bin$" ></file>......<file name="CptHost.exe" op="add" src="$src$" dest="$bin$" ></file>......<file name="CptShare.dll" op="add" src="$src$" dest="$bin$" ></file>......<file name="crashrpt_lang.ini" op="add" src="$src$" dest="$bin$" ></file>........<file name="libcrypto-3-zm.dll" op="add" src="$src$" dest="$bin$" ></file>......<file name="mcm.dll" op="add" src="$src$" dest="$bin$" ></file>......<file name="nydus.dll" op="

                                        C:\Users\user\AppData\Roaming\Zoom\zoom_install_src\ZoomOutlookIMPlugin.exe

                                        Download File
                                        Process:C:\Users\user\AppData\Roaming\Zoom\ZoomDownload\Installer.exe
                                        File Type:PE32+ executable (GUI) x86-64, for MS Windows
                                        Category:dropped
                                        Size (bytes):703288
                                        Entropy (8bit):6.09625301187915
                                        Encrypted:false
                                        SSDEEP:
                                        MD5:22287F7F1ACDA875CE64BC35B3EB7995
                                        SHA1:8B211C3B2930A1A157835B5008C2BA8BCE78E808
                                        SHA-256:349E8304A31944AC3CE21D29DD9D434C8FCF33EBE7ABDAA26603D680D964CB6D
                                        SHA-512:9F46E9F3742087CD7ED62C3F9AD60FBD90A1E662FA0D9B57494BCEADF848991751476D859D5897058FCAFECAF2CEBB19FEAAA69B287ECB98B5BB4ADA496CB44C
                                        Malicious:false
                                        Antivirus:
                                        • Antivirus: ReversingLabs, Detection: 0%
                                        Reputation:unknown
                                        Preview:MZ......................@...................................8...........!..L.!This program cannot be run in DOS mode....$.........R.B.<.B.<.B.<.K...R.<...8.H.<...?.F.<...9.m.<...=.D.<...8.F.<...:.@.<...=.Z.<...=.@.<...=.E.<.B.=.R.<...5.K.<...8.@.<...9.T.<....C.<.B...C.<...>.C.<.RichB.<.........................PE..d....wg.........."............................@.....................................w....`..........................................................p..x....0..06...\..8_......d... ...T.......................(.......8............................................text............................... ..`.rdata..fz.......|..................@..@.data........@.......0..............@....pdata..06...0...8..................@..@.rsrc...x....p.......@..............@..@.reloc..d............B..............@..B........................................................................................................................................................................................

                                        C:\Users\user\AppData\Roaming\Zoom\zoom_install_src\ZoomTask.dll

                                        Download File
                                        Process:C:\Users\user\AppData\Roaming\Zoom\ZoomDownload\Installer.exe
                                        File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                        Category:dropped
                                        Size (bytes):362808
                                        Entropy (8bit):6.4823327450449275
                                        Encrypted:false
                                        SSDEEP:
                                        MD5:E96A87C23B4722A8198BA89C3655C6D0
                                        SHA1:E082A200B82FA80F9AE68751138CA64C0AF6C853
                                        SHA-256:CFBADFFED9FA59FB0228907ED3DC5601993066373EC00415106FFF85525FD258
                                        SHA-512:99FCAC783A822284BD01FDA33D1BDF5EF3F6B655DAF71AB16A95B80DD58559C6156F2D8BAC3CD9EB7DD205E735AA5A213EA02B22E9333CC0AFCB6F417306F5E5
                                        Malicious:false
                                        Antivirus:
                                        • Antivirus: ReversingLabs, Detection: 0%
                                        Reputation:unknown
                                        Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......%.V.a.8.a.8.a.8.h...k.8.3.<.i.8.3.;.e.8.3.9.g.8....c.8.:.>.`.8.3.=.A.8.:.9.l.8.a.9...8...1.l.8...8.`.8....`.8.a...`.8...:.`.8.Richa.8.................PE..d...?.wg.........." .........r......P........................................p......r.....`A...................................................,....P..h.... ...+...*..8_...`..........p.......................(.......8............................................text...N........................... ..`.rdata..............................@..@.data...DD.......:..................@....pdata...+... ...,..................@..@.rsrc...h....P......................@..@.reloc.......`......."..............@..B........................................................................................................................................................................................................................

                                        C:\Users\user\AppData\Roaming\Zoom\zoom_install_src\ZoomTelemetry.dll

                                        Download File
                                        Process:C:\Users\user\AppData\Roaming\Zoom\ZoomDownload\Installer.exe
                                        File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                        Category:dropped
                                        Size (bytes):3092792
                                        Entropy (8bit):6.260960804634112
                                        Encrypted:false
                                        SSDEEP:
                                        MD5:64006475691ADDA21ED8F79F5253F5A3
                                        SHA1:138D73B15EC404B562AE6453E66919297AA8F70A
                                        SHA-256:37A728516F376FB492307EA1CC99529BF9E50E6A713B11CBD1BB7B123E9A7964
                                        SHA-512:DB5ADEFDDD9DFF7D03BAE0797934DEFE1BDFB86EFF9B28313862E49E34EC766AB490861F8867CE6DD914D9B70C29088243FA5085004A8A3DFFBEF737D13663DE
                                        Malicious:false
                                        Antivirus:
                                        • Antivirus: ReversingLabs, Detection: 0%
                                        Reputation:unknown
                                        Preview:MZ......................@................................... ...........!..L.!This program cannot be run in DOS mode....$.........................a........................................>.......9...........q...9.......9.......9.........e.....9.......Rich............................PE..d.....wg.........." .....J ..........p......................................../....../...`A.........................................<*.d....=*.,.....-.h.....,.........8_....-..-.. 4&.p....................6&.(....4&.8............` .@............................text...gH ......J ................. ..`.rdata...)...` ..*...N .............@..@.data...@R....*..F...x*.............@....pdata........,.......,.............@..@.rsrc...h.....-.......-.............@..@.reloc...-....-.......-.............@..B................................................................................................................................................................................................................

                                        C:\Users\user\AppData\Roaming\Zoom\zoom_install_src\Zoom_launcher.exe

                                        Download File
                                        Process:C:\Users\user\AppData\Roaming\Zoom\ZoomDownload\Installer.exe
                                        File Type:PE32+ executable (GUI) x86-64, for MS Windows
                                        Category:dropped
                                        Size (bytes):408888
                                        Entropy (8bit):6.4387241837450055
                                        Encrypted:false
                                        SSDEEP:
                                        MD5:2FD6CB4264783B96CF047225AAD68AE2
                                        SHA1:2F57B97C31C555ACEDC528522D1BCF1D597B4A9B
                                        SHA-256:84E41D0D0410CAF833D6D7A70F577C94ED8F8DA61C006243D0D952B86E9D3BC5
                                        SHA-512:BAEA1AFAB624C3CD09641B68C724F9FB58ED51A74D2B0C78B4D9EAFD141FE1C3F8943269BDB95EA5D9A3DAF4FA5D62E7AF133F43F0C5C4927754FDC48552FCD2
                                        Malicious:false
                                        Antivirus:
                                        • Antivirus: ReversingLabs, Detection: 0%
                                        Reputation:unknown
                                        Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......o(..+I.\+I.\+I.\p!.],I.\p!.].I.\M&.\*I.\y<.]:I.\y<.]"I.\y<.].I.\p!.] I.\p!.]*I.\p!.]>I.\+I.\.I.\.<.]%I.\.<.\*I.\+Id\*I.\.<.]*I.\Rich+I.\................PE..d.....wg..........".................p..........@.............................@.......f....`.................................................p...........P....P..H.......8_...0..........p.......................(.......8............0..@............................text............................... ..`.rdata.......0......................@..@.data....0..........................@....pdata..H....P......................@..@_RDATA.......p.......&..............@..@.rsrc...P............(..............@..@.reloc.......0......................@..B................................................................................................................................................................................

                                        C:\Users\user\AppData\Roaming\Zoom\zoom_install_src\annoter.dll

                                        Download File
                                        Process:C:\Users\user\AppData\Roaming\Zoom\ZoomDownload\Installer.exe
                                        File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                        Category:dropped
                                        Size (bytes):1288504
                                        Entropy (8bit):6.291364878961274
                                        Encrypted:false
                                        SSDEEP:
                                        MD5:5E6A19C20999CEDDAA785E5D91FDE33B
                                        SHA1:633F427C77EC7B3D3D4FF5ACC4CE4CA7F315E0FF
                                        SHA-256:535A43F5E0ADB270CB121A128BDEB826306C4A82C26753B218267548638C3A7B
                                        SHA-512:7E1E50BED5E50D578B4A2CEDA5CB8C12EF7AE23C33570875391DB431FA9D5127DC4E00DF0D7DCDB076A805DE405D8909455AD3BB655EA75EDA81E708DB3C0862
                                        Malicious:false
                                        Antivirus:
                                        • Antivirus: ReversingLabs, Detection: 0%
                                        Reputation:unknown
                                        Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.........V..............m.....N...........................................................R...N......N.......N.........i.....N.......Rich............PE..d.....wg.........." ........."......@.....................................................`A.........................................(..p...`).......`...........p...J..8_...p...(..@M..T....................O..(....M..8............@...............................text....,.......................... ..`.rdata...!...@..."...2..............@..@.data...pT...p...L...T..............@....pdata...p.......r..................@..@.annoter.....P......................@....rsrc........`......................@..@.reloc...(...p...*... ..............@..B........................................................................................................................................................................................

                                        C:\Users\user\AppData\Roaming\Zoom\zoom_install_src\archival.pcm

                                        Download File
                                        Process:C:\Users\user\AppData\Roaming\Zoom\ZoomDownload\Installer.exe
                                        File Type:data
                                        Category:dropped
                                        Size (bytes):5441
                                        Entropy (8bit):7.929630348735298
                                        Encrypted:false
                                        SSDEEP:
                                        MD5:2DA32E501E9720B40D438FF7352A5573
                                        SHA1:E59FDECD75B2C8CB4B26BB4A2B3C622DCA8A2E3B
                                        SHA-256:5E7D1491E7D6969EB67646F87AB2DBF0FF1D1CB4F5CF631128A305E2B67D4A1B
                                        SHA-512:5DA2C201BFD01FC1EF1724ACB0F6FDDD7BE39F83B6FFF5C80AEF71C96F14D30C694DA82B1C41183B2B9AB9EF99D45FAA657C4F6A984F87A97AEF08D9E824CCEE
                                        Malicious:false
                                        Reputation:unknown
                                        Preview:#!SILK_V3....+t...I..#pC...+t......?...,...g.............7&.8o..C.<.^R.........O.....F...0...#......7....~?C.~.O.....n,.AN.)...i;=`..m...yP.1.n....#...&.d..2Py327....U....l.7........o...x.C>.2G.n.......6.3.A...k...l.h+Qci......8.~...........i.I..I.......t".s.RC..........\|-0.R.T<..C..t..2.n..]......o&....k...f..l.`...q..|i...aS&...9X_:$z=.c.z....=......hA...=...-.d..$...C.Gn..ge-.M....T."..G.V]!cFT...?;...hw,w .x%.Z..t.?...wG..#F.`tas.4.......].{....(.._..p.|..F....M.j.pR..^`KF.j.E.............v....;.....5.]k......P=..._.]....)...;...U..ZqL.......f......+..4.Z.....%..$.pT..&aV'.....2.OE..CZ^..8...V...A....a.a......1%..r..d....[.#...G<E..l56y{.8..Da..9.......&.z.My..z....I.@.....0f.|oL...f..<..6.......x.k.3...T)..e.:.C........g.f.W.V....f.x)C.U}.yJ.{.@..5...@.a..S........V.l......;..L.R.k.vC7..Oj.E.....M.8...q.....p.B..^}.......n8.......,.....Z|......I.._C=c5..g.X..p.<g./.O.a..x-.........1..i>.r.L......u8..y.1$...v%NA~.0..o,..=;(.7..r.

                                        C:\Users\user\AppData\Roaming\Zoom\zoom_install_src\asproxy.dll

                                        Download File
                                        Process:C:\Users\user\AppData\Roaming\Zoom\ZoomDownload\Installer.exe
                                        File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                        Category:dropped
                                        Size (bytes):252216
                                        Entropy (8bit):6.436779111855593
                                        Encrypted:false
                                        SSDEEP:
                                        MD5:AE07DA01894E593951493040C5A64537
                                        SHA1:578CF11F32F31632638C4ECD4D6A89AFA5F63171
                                        SHA-256:AA5DA8CCB5791D5D78C631BD4B538745EE76553D5BC74FEB8FF1CFE0EAEE8146
                                        SHA-512:C0D586651A340392439EF56DB94BBF3043B4EFFB378A31E861D60869318593C8CFCA486583B073A593ED5E9936F6848A9E3B8C57BF0FEA8F485AE11E4154CC77
                                        Malicious:false
                                        Antivirus:
                                        • Antivirus: ReversingLabs, Detection: 0%
                                        Reputation:unknown
                                        Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.........|.\..K\..K\..KU.KP..K...JT..K...JX..K...J@..K...JZ..K...JZ..K...J^..K...JW..K\..Kv..K...JS..K...J]..K...K]..K\..K]..K...J]..KRich\..K........PE..d....wg.........." .....|..........`o..............................................a.....`A....................................................@.......h....p.......z..8_.............T.......................(...0...8...............@............................text....{.......|.................. ..`.rdata..............................@..@.data...p....P.......:..............@....pdata.......p.......R..............@..@.rsrc...h............n..............@..@.reloc...............t..............@..B................................................................................................................................................................................................................................

                                        C:\Users\user\AppData\Roaming\Zoom\zoom_install_src\cares.dll

                                        Download File
                                        Process:C:\Users\user\AppData\Roaming\Zoom\ZoomDownload\Installer.exe
                                        File Type:PE32+ executable (DLL) (console) x86-64, for MS Windows
                                        Category:dropped
                                        Size (bytes):174904
                                        Entropy (8bit):6.558779080300533
                                        Encrypted:false
                                        SSDEEP:
                                        MD5:7E3BA6A1D5BE41234DA2613E9E291859
                                        SHA1:ADD704B5F4440C5E9B260C0C740F14D593859FA9
                                        SHA-256:97880576CCBD7B7E67A210ED5659C7A38E8545A7C17D62AC755085CD591AFDD9
                                        SHA-512:CD1BDA21A4ECEB15E9A62F0E6D5A2E441103A614430D59D22A745B8DDBB7C5228EE37E3EC40ABE10828F73E34EA746AF0D3E9E22790C365A27C15F96252256C3
                                        Malicious:false
                                        Antivirus:
                                        • Antivirus: ReversingLabs, Detection: 0%
                                        Reputation:unknown
                                        Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$...........H...H...H...A...Z.......J.....b.J.......D.......@.......L...\...A...H...................I.....`.I...H...I.......I...RichH...................PE..d......g.........." ................`.....................................................`A.................................................#..,............P..$!...L..8_.......................................... ...8............... ............................text............................... ..`.rdata...a.......b..................@..@.data...x....@....... ..............@....pdata..$!...P..."..."..............@..@.rsrc................D..............@..@.reloc...............J..............@..B................................................................................................................................................................................................................................

                                        C:\Users\user\AppData\Roaming\Zoom\zoom_install_src\clap-high.pcm

                                        Download File
                                        Process:C:\Users\user\AppData\Roaming\Zoom\ZoomDownload\Installer.exe
                                        File Type:data
                                        Category:dropped
                                        Size (bytes):9590
                                        Entropy (8bit):7.93037972212785
                                        Encrypted:false
                                        SSDEEP:
                                        MD5:C32F95839557340B4B4197A68847CA1D
                                        SHA1:0FEED637C4766B9B30AB6732259670F8C12C5538
                                        SHA-256:0A16435CB3F7B8B1787476575AD646361E6FB4C07587DF874940413DE004DD08
                                        SHA-512:F5F0DD4A313FF6686BED5090AAA64885D319B8FBA51FB2722B764668B26F06CE95164444652661B027E35F3C6928D3919422E4816BBB81BBD0F7914869004700
                                        Malicious:false
                                        Reputation:unknown
                                        Preview:#!SILK_V3.8..h...H.]s.3S...;..Ln..p..._......v.Z......,.#K..U......F...$.w.V....|"...o.....U..R.>...!.X.z.....4.s.g.p..Q..8..@...>:5.].;...>...,.&.>!.....f.G.IT.....t.}.1........`...y-B....:..m.7..J.+...2..I.....v..6..m.....XJX.U....)..6Q\..F8*!o;....HE}Q......_...`u.>.#:....p..3.............@..Rw...i[0..8...M...X.o."..2...LyW" S\.....8..fulR.Qc..I.Xd.:.'N<..Z~.4.....W..:.*.M..;....X.<.j*^m$..${M...).....{..../6.....I.^....E..[.qO...oH0O..@........f..0_...V.......I4..........j..........b4.-8..&..dR&W..{....[.;.w...:....-L,@.......A].../6.["jyQ.....j.j...SK...K....Hwg..).d.>.....3.v. o....-...@*G..q ,..K.O0...tb.Q...2...a............?....K...k...?.d...nGo..../..j%M.9...p.....W....4/...N..5@<.O9....<P>...Tjzb..EB.3/..7CFM.jZ..s.TV.*_....G..@.V.9..LP.?....(B.$}...<.R.i...%k]..o.P...RA........)..tW..z....._..S9.....V..,."T.......V..f.>..d>....0.iY..D..CHWGJ..1R..q_<..N.7.d.Uo..g.e..........X..?..J6j.7.",E..Q.S+G.......2v.A.....'-[.fK.J.[8{......

                                        C:\Users\user\AppData\Roaming\Zoom\zoom_install_src\clap-medium.pcm

                                        Download File
                                        Process:C:\Users\user\AppData\Roaming\Zoom\ZoomDownload\Installer.exe
                                        File Type:data
                                        Category:dropped
                                        Size (bytes):9054
                                        Entropy (8bit):7.932385598310832
                                        Encrypted:false
                                        SSDEEP:
                                        MD5:AA93AB138EC89CF7CFB8B4B0EA8990A6
                                        SHA1:D13B139D666C76CB12E1C0280C1343770ADC8AAC
                                        SHA-256:D754FC9D9378772B7A17A53E6598C9CFE4A0F3EC492F0ED30241020562F58509
                                        SHA-512:F91C59CF1B1645B24997A1201BDDB52953C0904F855B78ADD275D71401E4F9E6BCEF59FE1D7205E222470689DACF2D55AE752CC2BE66BBEE5258DB284B42E6C6
                                        Malicious:false
                                        Reputation:unknown
                                        Preview:#!SILK_V3.1..#.8t.......,..[..RTsZ.L.`.Q...5..R.ZS.W}.g9.....x.[.zAT..>...L.y.0T..q.=.O.y.5I..y.|l..h.k.....TVL..=....I.......<\...C.?ma.?...PV@..At...........>..cR.....#.m.F..7...9h0#..C..d*.N....-.......:&...G..v.F.//dj..f!..p..;..X.."2(T..U3-2??...W..neGh66...s.f.......+Q...R{..q.Q#V[k.k7...X.....X..9.B..&._....j@...+o.:..;....x....oc..7.>.+......Y.....v.V@.*...U.0..A..P\N..l6.j...05...?.ns.....Z+.o.M.j....p..........j&........U.Wf...1..{...,x...l,Q....|.?(O....\...Y..?.U,..x."....?>..M..`5z.....c:0......70G:?..Pe;."..x%.@..oZy......D.4(e....9..":..>5....-..6....e...V .zH.00y...N.K...5....D..2......C...>'e.....8.....&!...O..P.T.>....CR3..wo:.|K.....Yd..(..q.5.RRr..?...i ..:. ..IEX..|.G.X..".n.{f..t.{1=HU.u.v.Zr..#..!R..uG;3;.Z.J.....\./..kf...........Dk9;].*$.|.T...4Z^..G.;.b..m:......b.H.....@.....,...Kh....<.......I.s&.\.#..b.$M....N.M...,......c.i......`...C.[g.G...U...]}f=G?..w/2...$.... HuH...={nr#..5.|.,...p.=...q...<..u$..3..+...N.V..F

                                        C:\Users\user\AppData\Roaming\Zoom\zoom_install_src\crashrpt_lang.ini

                                        Download File
                                        Process:C:\Users\user\AppData\Roaming\Zoom\ZoomDownload\Installer.exe
                                        File Type:Unicode text, UTF-16, little-endian text, with CRLF line terminators
                                        Category:dropped
                                        Size (bytes):7480
                                        Entropy (8bit):3.4677199714078526
                                        Encrypted:false
                                        SSDEEP:
                                        MD5:FCF61AED8F093BFCF571CDD8F8162A05
                                        SHA1:8DE8177798AAE82D5BCC0870C1CA5365F5D9966D
                                        SHA-256:1F5B45A5411F7FC71B9DA789D6D1EAD8AD30551FBEA7BBB40FC7EA576D581ABB
                                        SHA-512:8A5D252D115F868A4E20FCE10F9F9EC5F3948F0AD5680D656E0EBA1FD167D36889E54C6E59BCDE756945F93685401B825BA9DD7243D907D74B58A1D826609D72
                                        Malicious:false
                                        Reputation:unknown
                                        Preview:..[.S.e.t.t.i.n.g.s.].....A.u.t.h.o.r.N.a.m.e.=.....A.u.t.h.o.r.E.m.a.i.l.=.....L.a.n.g.u.a.g.e.=.E.n.g.l.i.s.h.....R.T.L.R.e.a.d.i.n.g.=.0.....C.r.a.s.h.R.p.t.V.e.r.s.i.o.n.=.1.4.0.3.........[.M.a.i.n.D.l.g.].....D.l.g.C.a.p.t.i.o.n.=.E.r.r.o.r. .R.e.p.o.r.t.....H.e.a.d.e.r.T.e.x.t.=.%.s. .h.a.s. .s.t.o.p.p.e.d. .w.o.r.k.i.n.g.....S.u.b.H.e.a.d.e.r.T.e.x.t.=.P.l.e.a.s.e. .s.e.n.d. .u.s. .t.h.i.s. .e.r.r.o.r. .r.e.p.o.r.t. .(.%.s.). .t.o. .h.e.l.p. .f.i.x. .t.h.e. .p.r.o.b.l.e.m. .a.n.d. .i.m.p.r.o.v.e. .t.h.i.s. .s.o.f.t.w.a.r.e.......W.h.a.t.D.o.e.s.R.e.p.o.r.t.C.o.n.t.a.i.n.=.W.h.a.t. .d.o.e.s. .t.h.i.s. .r.e.p.o.r.t. .c.o.n.t.a.i.n.?.....P.r.o.v.i.d.e.A.d.d.i.t.i.o.n.a.l.I.n.f.o.=.P.r.o.v.i.d.e. .a.d.d.i.t.i.o.n.a.l. .i.n.f.o. .a.b.o.u.t. .t.h.e. .p.r.o.b.l.e.m. .(.r.e.c.o.m.m.e.n.d.e.d.).......Y.o.u.r.E.m.a.i.l.=.Y.o.u.r. .E.-.m.a.i.l.:.....D.e.s.c.r.i.b.e.P.r.o.b.l.e.m.=.D.e.s.c.r.i.b.e. .i.n. .a. .f.e.w. .w.o.r.d.s. .w.h.a.t. .y.o.u. .w.e.r.e. .d.o.i.n.g. .w.h.e.n. .t.h.e. .e.r.

                                        C:\Users\user\AppData\Roaming\Zoom\zoom_install_src\dingdong.pcm

                                        Download File
                                        Process:C:\Users\user\AppData\Roaming\Zoom\ZoomDownload\Installer.exe
                                        File Type:data
                                        Category:dropped
                                        Size (bytes):3544
                                        Entropy (8bit):7.892267759212324
                                        Encrypted:false
                                        SSDEEP:
                                        MD5:54511224E61E71D2915FF67E57DCB268
                                        SHA1:BA45F16F12D2E29480952367C0C6BD34FCD16827
                                        SHA-256:7AADF0E317831D287B51E41992B43F0F381AE48A312CB77A426EEB3B6129D6D7
                                        SHA-512:46B4EA771328A25C6384D5CDFF7643CED94DD446830B165F80FB69DF2DD2754062DCA0636604602A7EBAD4CE29B3F8EF62A81F59CF5502BFC78468C8C67A41FF
                                        Malicious:false
                                        Reputation:unknown
                                        Preview:#!SILK_V3.1.}...._Y=..>.v..L..r.....h.V.V.....$.=Bae...P.j..D...I......{.N3..N.... .;..XoK......K....%..e6[0Pa...Tu.j..D.a...O..I8....5...N..;s9...d.U.G....d...e&.S..1.}!..bu...t.3{Z]6..)4...gt6. .G.o.r...<..6.q7/.".|.......M./.SV.......kLr..-...eF.Q_..>!..mK.|..v..:........ %.L.|..i.....Q..~...a....@..d}.............j._E....;i.UW..T.....~...h..qPf....I...Ms..^.K.*..T;K..:._NF.O.7.@.aI..~[2..,|...<f.....=........l.!:..,..r....r.t.....;....-.D..js|2.?.tU.h...g...#.h..".3.........I......@SH0.4...!<T..!...S..S;...8...<.bEHP.7..+X..d....V}.RjQ...3..BZ.V.4@,9..4.dR.E....mX...{...j...Z..j.3. .H.p...?Y...7..2.&P59IA..6.1...?.7...r..;q.;>..t=.0FJnGb.....>.'..q"?.U.e..C...p0......?4...b.wF.........:Z.['.P]W.J}.KXF......T....|.....[=...d6..Q.../.F..`.S.j.<..1#.?.r...{...f.aTh. ?.v./f.w.~.F..\......m...@w.\,>].x.{..P...6_.p.3.s..n..H3.r9..*...z..uR..A=.s...Ar..[..`.ie..g.`...^c..Q..?...8....f...Z..Q....T..O.e.D.z=.@.e.....k.O......5...}.=v=.@... .<^u../Z.1.....

                                        C:\Users\user\AppData\Roaming\Zoom\zoom_install_src\dingdong1.pcm

                                        Download File
                                        Process:C:\Users\user\AppData\Roaming\Zoom\ZoomDownload\Installer.exe
                                        File Type:data
                                        Category:dropped
                                        Size (bytes):4282
                                        Entropy (8bit):7.924284641848732
                                        Encrypted:false
                                        SSDEEP:
                                        MD5:8FE86D9E8AA5C709BB0563243172E580
                                        SHA1:C22BB02D82516A66F8473DBB4209BF22BB60FA14
                                        SHA-256:2FBBB9AE6A463B360E1459BEE558DAFA8D864DB2423F0FE4D2C56D22C3F3A5A2
                                        SHA-512:6C47E964421EBAB2C0C6199B97FB9C61B0A228FC654ABF2E4D2BBAEEC9640BE2A5ACCA92474DFDD0B43FACC71C60A9C9BA727D300CADB6128EF1F3DCD9A6C10F
                                        Malicious:false
                                        Reputation:unknown
                                        Preview:#!SILK_V3......Y..w...3(...c..<..&...I..N_<.....WNx;...t.|U/.5.d.....&..F.1.4.jF~o...u..M....W.Gysv...K.....ET;)...=.-......h.i...T.gj,.*.,v.U..G.?.*d..F....k..).W.I....~....7....08...K.......q&q....U 1.....Q....q.......Z...#./..m]8..Q.j.9/.P.#N.y+.P?..6.l.E.SLM.M2...9..d.>.9..d.I..Y$k..j..@_..VJ...Z.#M.........._Y....t.'..:...D..m....r..8.........Ih.5..f.X...Y:7N..r.u.....t.z.....LpvS<.o>..+....Q....9....N.B.-.j.ml2..B.Y.J.....t..R|.,Sm.kL./u....M.......>GP..b..........#BV.M..Mj.GP.'.mc.... G..M\..2.aQW..k1..:;}).bq../..Y...F....skJ.......sP.d..n&.Y......=.l.*.l....{m...]`3..3!jDO.m./.u.R........Y.}...{.N...`@..n...=.y.\.t.^K&.T....h.....[..H....`..&...U..o@W)(:.).oN!...F.t.~E^...X..v.m.!.m[pj......j}%.9r.~.A+.,....wr.....^K...U.O.v....%&M.s..T.@..l.9.....7..gw}...[..}D.*...9.;..F....[....)..'...Q{6u..8v.aC.@.o..X......T|..r.U&.T..H...e.#....<...McFG...P..}9J...h..<@...T.f../W.ci....d..r.(...eq....\M>..)._.H.1.*.UJ......a.....W.J..v.

                                        C:\Users\user\AppData\Roaming\Zoom\zoom_install_src\directui_license.txt

                                        Download File
                                        Process:C:\Users\user\AppData\Roaming\Zoom\ZoomDownload\Installer.exe
                                        File Type:ASCII text, with CRLF line terminators
                                        Category:dropped
                                        Size (bytes):593
                                        Entropy (8bit):4.717733105473075
                                        Encrypted:false
                                        SSDEEP:
                                        MD5:AB54B14548A4CC76DD7C27414D971111
                                        SHA1:68A3888B33EE1C5D5EFB913846867C9A8788CADB
                                        SHA-256:6033476BE3D1D41166B65984E2BE94C87AC98DCE55BFEC887E932B696E859295
                                        SHA-512:CC8C4D90EFEDF4AEB3BA3B64EBD0E938576867618A334BCCF3CB6790338C6A1DA239393A618F6E6A1186CB363CB514AC9528ADA51F0090FE2FC709E5C666D971
                                        Malicious:false
                                        Reputation:unknown
                                        Preview:DirectUI - UI Library....Written by Bjarke Viksoe (bjarke@viksoe.dk)..Copyright (c) 2006-2007 Bjarke Viksoe.....This code may be used in compiled form in any way you desire. These..source files may be redistributed by any means PROVIDING it is ..not sold for profit without the authors written consent, and ..providing that this notice and the authors name is included. ....This file is provided "as is" with no expressed or implied warranty...The author accepts no liability if it causes any damage to you or your..computer whatsoever. It's free, so don't hassle me about it...Beware of bugs.

                                        C:\Users\user\AppData\Roaming\Zoom\zoom_install_src\duilib_license.txt

                                        Download File
                                        Process:C:\Users\user\AppData\Roaming\Zoom\ZoomDownload\Installer.exe
                                        File Type:ASCII text, with very long lines (755), with CRLF line terminators
                                        Category:dropped
                                        Size (bytes):1338
                                        Entropy (8bit):5.12024464950472
                                        Encrypted:false
                                        SSDEEP:
                                        MD5:7FAEC2006BB231D14B794A9F31769448
                                        SHA1:C2B5A34FE521502F6FCA3031201B47074F30F258
                                        SHA-256:7ED2ACCA31A243BA107D8C12FDDECD52462FD326D3D2C73B04D4CF10C76765FF
                                        SHA-512:777E0EC5D6B599FB0EABB8180FB6F302012FF12245E3DE6A3DC568798CB057858EFF18B08DACD28A72250236C4767ABC2583670D92A946F684B45CB5144BD7E2
                                        Malicious:false
                                        Reputation:unknown
                                        Preview:Copyright (c) 2010-2011, duilib develop team(www.duilib.com).All rights reserved..... Redistribution and use in source and binary forms, with or without modification, are permitted provided that the following conditions are met..... Redistributions of source code must retain the above copyright notice, this list of conditions and the following disclaimer... .. Redistributions in binary form must reproduce the above copyright notice, this list of conditions and the following disclaimer in the documentation and/or other materials provided with the distribution.....THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO

                                        C:\Users\user\AppData\Roaming\Zoom\zoom_install_src\leave.pcm

                                        Download File
                                        Process:C:\Users\user\AppData\Roaming\Zoom\ZoomDownload\Installer.exe
                                        File Type:data
                                        Category:dropped
                                        Size (bytes):3803
                                        Entropy (8bit):7.792677014386457
                                        Encrypted:false
                                        SSDEEP:
                                        MD5:3FCC19F6A199E97646A0AB32423C9332
                                        SHA1:05613B14D6C7336B24E9779963D245098E73B40C
                                        SHA-256:EFBD514B0EA241A560F1333CDBB90A9885D5C70C01ED032D11B8A672B1096A04
                                        SHA-512:B370AD863BADD0D86D982EADA1FD98306B686EF1CCA4CC522558CBDE40257EFFA96AFD7327141BEB08D9927A6B190E0047AD7978E87A41BF299F030C1CEE121C
                                        Malicious:false
                                        Reputation:unknown
                                        Preview:#!SILK_V3....+t...I..#pC...+t......?...+t......?...+t......?...+t......?...+t......?'..6:."..i.{..3M.. ...u.r3..t..H..#Wdv..:.}b..0....Nz-...b{3....R...r./M.{....>...(.....Zp`Vt.....3.}.NI...P...7.....B.J.F.B..QK.....b.L=8.>.P6.]z..6@E/.}.."7..h.....P....'.q...9...J........e._.;.>.vO-.}.i.R..)...d&.^....z..G.......*n.B`.8.......4.~-3R.6.g:.....;.j.?l...n...*S.}7..K.x.lW..>.k....';.~-3R...P.$...I.....s..W.s=.]|\...cPi.q."k..q%O..%.*..G.;6.~-3R.7Pc.G.!..x%S...Wg.].Q...P.~..0$....9..R......J..o).~..JcR9..$...M..J......u.E.....b.r....%.}.g...v.....2.Jl...j.Hx...4......&..3.}........P..L......:u..uY7..).f.........V:|.~.../.}.....+H.,...r[...H...._.C.HU..?:..&.}.h.....&.}.....!K=f..>p.!GT..8 ...n..JF...!.!.}......j..FD...{T.3.0.QB..A..a*.W/.}..n3..m..Y.,ys....9.g*]..............W>u...#.}...7.. a..O..Kp...Tgqh....G2uDR.? .}zb.7...pvf......Q.v...p1..#.[|.#.}W..`8.{U...Z.......}.p%>.q...|a..!.}:X^......)....yP.=Tx.5R....p.O.!.}<..,..V...7..N...h..b...]f....g4..o

                                        C:\Users\user\AppData\Roaming\Zoom\zoom_install_src\libmpg123.dll

                                        Download File
                                        Process:C:\Users\user\AppData\Roaming\Zoom\ZoomDownload\Installer.exe
                                        File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                        Category:dropped
                                        Size (bytes):261432
                                        Entropy (8bit):6.683054668867204
                                        Encrypted:false
                                        SSDEEP:
                                        MD5:76CD3CC831769F60AD9ED09BB45B2B97
                                        SHA1:78F6B80CBBC306D2807CE045279A974F056EB171
                                        SHA-256:1D839B36A46FC91CF171B9894B4CDAE54E440F9C20DFF348FB4C96E5A8B1AD98
                                        SHA-512:1E20803EF5EA9BD59E2389740A91D756665C3E901AB68ABB001A7FD6E9173E3CFAA5781F789E09D6F8788D79D4B14500530FB53D496F880715CDD239AF3748B2
                                        Malicious:false
                                        Antivirus:
                                        • Antivirus: ReversingLabs, Detection: 0%
                                        Reputation:unknown
                                        Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......7...s.jAs.jAs.jAz..A}.jA!.k@q.jA...Av.jA!.o@..jA!.n@{.jA!.i@w.jA(.k@v.jAs.kA .jA..b@i.jA..j@r.jA...Ar.jAs..Ar.jA..h@r.jARichs.jA........PE..d...c..f.........." ................ ................................................(....`A........................................0s..0...`~..........................8_......<....J..p...........................@K..8............................................text............................... ..`.rdata..............................@..@.data................x..............@....pdata...............|..............@..@.rsrc...............................@..@.reloc..<...........................@..B........................................................................................................................................................................................................................................

                                        C:\Users\user\AppData\Roaming\Zoom\zoom_install_src\libssl-3-zm.dll

                                        Download File
                                        Process:C:\Users\user\AppData\Roaming\Zoom\ZoomDownload\Installer.exe
                                        File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                        Category:dropped
                                        Size (bytes):842552
                                        Entropy (8bit):5.527592808622148
                                        Encrypted:false
                                        SSDEEP:
                                        MD5:2FDCB85B30266D01B228EDE60351200D
                                        SHA1:E0D441C947EDEC1B8619B85DA0D0FABBABF4AA70
                                        SHA-256:2A78A0515BFA4B8724D97D037E483ADE6C7169EA56199990B1F5FBCC63A8C0B7
                                        SHA-512:17667FE839DD735C635FEEABC30C5113A8DF5A21EE4B91EC3F3643D9F549F2FB5CCF30DBD7597ED0E61625AD39FDFEEFEA2B96FA4AE74767969E79CF5D6076D9
                                        Malicious:false
                                        Antivirus:
                                        • Antivirus: ReversingLabs, Detection: 0%
                                        Reputation:unknown
                                        Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$..........a@.2@.2@.2I..2N.2...3B.2T..3B.2...3K.2...3H.2...3D.2...3C.2@.2^.2...3p.2...3A.2..n2A.2...3A.2Rich@.2................PE..d....3Dg.........." .................................................................B....`A.............................................Q..............i........L...|..8_......d....d..8...........................@d..8............................................text............................... ..`.rdata..|v.......x..................@..@.data....N...P...H...<..............@....pdata...U.......V..................@..@.idata...c.......d..................@..@.gfids.......p.......>..............@..@.00cfg..Q............T..............@..@.rsrc...i............V..............@..@.reloc...............^..............@..B................................................................................................................

                                        C:\Users\user\AppData\Roaming\Zoom\zoom_install_src\mcm.dll

                                        Download File
                                        Process:C:\Users\user\AppData\Roaming\Zoom\ZoomDownload\Installer.exe
                                        File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                        Category:dropped
                                        Size (bytes):2656568
                                        Entropy (8bit):6.428911655860224
                                        Encrypted:false
                                        SSDEEP:
                                        MD5:3DBDFBD12D51690706D849EBE731FA5A
                                        SHA1:DC1EC592E81A5567B12E91F50418EB05D3C65B65
                                        SHA-256:E73E3ACC6FDAA8829C0F7D48497151C5B775F3C5675F8DEECA30E89589EF1CE3
                                        SHA-512:910DA060A2E96F4BBCCECED6FBC8C0B8F75D9DB78275EA985DEE8AB3972D5CB0CC3C948624858D3835AF912302A49F71E61578944F4693FA4CCD50B62307F2BE
                                        Malicious:false
                                        Antivirus:
                                        • Antivirus: ReversingLabs, Detection: 0%
                                        Reputation:unknown
                                        Preview:MZ......................@...................................8...........!..L.!This program cannot be run in DOS mode....$.........S.[.=.[.=.[.=.R...U.=...8.A.=...9.S.=...>._.=...<.].=...:.Z.=...<.].=...8.Y.=...<.Y.=...<.P.=.[.<..~=...9.P.=...8.k.=...=.Z.=.....Z.=.[...Z.=...?.Z.=.Rich[.=.........................PE..d.....wg.........." ................0........................................p(.....N.(...`A..........................................%..F....%...... (.h.....'.X....*(.8_...0(..3... ".p...................."".(...@!".8............................................text............................... ..`.rdata..v...........................@..@.data........0&.......&.............@....pdata..X.....'.......&.............@..@.rsrc...h.... (.......'.............@..@.reloc...3...0(..4....'.............@..B........................................................................................................................................................................................

                                        C:\Users\user\AppData\Roaming\Zoom\zoom_install_src\meeting_chat_chime.pcm

                                        Download File
                                        Process:C:\Users\user\AppData\Roaming\Zoom\ZoomDownload\Installer.exe
                                        File Type:data
                                        Category:dropped
                                        Size (bytes):2048
                                        Entropy (8bit):7.897654856457086
                                        Encrypted:false
                                        SSDEEP:
                                        MD5:B30A997B4A9DF68D8796EEF6F457F4AA
                                        SHA1:23890FBC1F66C1061C60B8287659566C69B297D1
                                        SHA-256:F2FF5D73EE2A89135094ECB5165B30E351BB24EE4EEEE95508F311EECDC9811F
                                        SHA-512:8CFC3B13D7C2FFA0438AB12669AEF756BAC76063CBF317E449E5BA4127C0604BAB6FBA793866857F4A68806E9ED779C0C521FC46C5AE3AAB42DE7C72D98613F4
                                        Malicious:false
                                        Reputation:unknown
                                        Preview:#!SILK_V3./..8...E....?]w#.M.....@..U..q....C.......|...Y.....q.+.8Ihe.Z...![bk.!......h\j;X....k........u..+.....c@C..R.e..'5}O.....d.qvy..qOd..|...K...8Vo.....)..VK.c..U.^..-(......6..t..B.H.9..}...M%R^.e.....U...f.3It^A#.7.p>..(.d98.Wg&`.Y#.j.~.~.U.O_.)k.....n.'.KZ....mI......jw...cQ...........g.~.....H...C...j|..q...,.\.N.._Q.Jc.k~Y....,.B.k......J.5..H..b...?.=Z..3.$.E.d.;.%.]9..H....'.+............?......BBC....[..n.ZPx...X.q..8...F.u%R..Am...HF...l...z.=7.....i.y.k<)R..../_....a.rAy...7......(%Y.y.+..B......J...U.c.(1..2Q...5^..6(.,.....m....o.._..X...%-.1[.S..882o......"....2....X...s,..,...!^......fS..GH...Y...rW..P^...!n..FZ..n1..k.:.p.....&.n...iXG<...s{.~k....9..Qj....w......X.:H.P.7...A........v....'.ld!g..8P...t.......k=..qg.qG ..q.(..?z......N.4....v..m.j.'~.8!.Tu7..S.:%...GW..-.S.>.C...63...z.6.%......pr...V0...x.gR1.8...*7..PT]...Z.Q.C.}3...H.j..Z.g...g.f....t\...wcTmwkq..U.U.m]F..)LAa.J'.....t.....,0.Rm.~..W_mtU

                                        C:\Users\user\AppData\Roaming\Zoom\zoom_install_src\meeting_raisehand_chime.pcm

                                        Download File
                                        Process:C:\Users\user\AppData\Roaming\Zoom\ZoomDownload\Installer.exe
                                        File Type:data
                                        Category:dropped
                                        Size (bytes):1091
                                        Entropy (8bit):7.45310581507486
                                        Encrypted:false
                                        SSDEEP:
                                        MD5:CD7D41D5204013CE176C99C225016D6D
                                        SHA1:996EA48981E81ECB107CD77FD0D6E35EDC4D4214
                                        SHA-256:CD9B81D47633FE9AA3F1020D895161DE8C31797B365F93DFB22A60D920CC2EB3
                                        SHA-512:44AFE616A2596ABC76CF9F862837B26C00E6214A08B61C6569E7EE07AB4331F4968D718889863CFFC74CEED55FF377932432C7191DBA4EFDB638EA3B96BADEBC
                                        Malicious:false
                                        Reputation:unknown
                                        Preview:#!SILK_V3....+t...I..#pC...+t......?...+t......?...+t......?...+t......?...+t......?...+j........Gz....8..3.].w.mH@..k.W~...K...?*..p+..=.n..?#..wd`..^p.!..I...........f.%......y.L..jc.M............s.56.~...+...;.H.A;n.l5cN...QC.K.9z.v.F.R8_.0...{}...(...YC..VE..H3..r}..'....7......%.....*....k..-Z.L_.H...|K..H.7fw0.....yW..o.\'j.;.....!.O......m'.M,P .B;..%$...O..7y..6.R....Xa.].H.Jw.3..Ws....4...A.)...zU.. sg...Q,8S.`.h.{7../.D.{.<T...5..?.5.c:c.. r...&....?p\.?..s%.....~.\...i..9?...,......,V.p.".....J$.~..d.Y..z..C.R........+5........}.}..x8....5]...b.....Y...*....%..#L..R..{F.).......r.....[3....k/...\5......@Z.!....h.#....;.=u9...r.'..O.pB"6.2.|.x^....p.4...S..u....!..!...8.`^...{...f.HK.....@..)}$..O#&_....!.9B.....}...N..L).c.+...s ..a[.wS....15~.s.#.^..%...&.C...7!..T9.d..%$.)m<.. ..'@.R.r...]o|h;"..a. .M..}(..(.riB.@H.k..=..X}/.....%..6...\.>..hD......I.R....+t.v..o.-kL'...+t.....j.....+t.....j.....+t.....j.....+t.....j.....+t.....j....

                                        C:\Users\user\AppData\Roaming\Zoom\zoom_install_src\mfAdapter.dll

                                        Download File
                                        Process:C:\Users\user\AppData\Roaming\Zoom\ZoomDownload\Installer.exe
                                        File Type:PE32+ executable (DLL) (console) x86-64, for MS Windows
                                        Category:dropped
                                        Size (bytes):146232
                                        Entropy (8bit):6.482017236956192
                                        Encrypted:false
                                        SSDEEP:
                                        MD5:11F15F225359597F1A4FA8704BD4977B
                                        SHA1:4CF052C7780FFF4469EC9EE2001014DE218A1097
                                        SHA-256:D2E0DE4C7CEC212A4819B5C3001B479117260724EB3B7853CDEB6BF2598381A0
                                        SHA-512:9F8FF0FF2E945E8F163A17D8FA38481CFAB0316577F43FDCD8577A48F6B386029184738302AAF4EE9A08F3AF40A3F3B59D6BE1F52FF5A7C22B0E7F9B704B2A06
                                        Malicious:false
                                        Antivirus:
                                        • Antivirus: ReversingLabs, Detection: 0%
                                        Reputation:unknown
                                        Preview:MZ......................@...................................(...........!..L.!This program cannot be run in DOS mode....$.........E5j.+fj.+fj.+fc..f`.+f8./gb.+f8.(gn.+f8..gv.+f8.*gl.+f...fh.+f1.-gk.+f1./gh.+f1..gh.+f1.*g~.+f..*gi.+fj.*f..+f.."gz.+f..+gk.+f...fk.+fj..fk.+f..)gk.+fRichj.+f........PE..d...G.wg.........." .....6...................................................0......yn....`A........................................P.......@...........................8_... .......x..p....................z..(....y..8............P...............................text...O4.......6.................. ..`.rdata..zr...P...t...:..............@..@.data...............................@....pdata..............................@..@.rsrc...............................@..@.reloc....... ......................@..B........................................................................................................................................................................................................

                                        C:\Users\user\AppData\Roaming\Zoom\zoom_install_src\msaalib.dll

                                        Download File
                                        Process:C:\Users\user\AppData\Roaming\Zoom\ZoomDownload\Installer.exe
                                        File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                        Category:dropped
                                        Size (bytes):53560
                                        Entropy (8bit):6.810742119641898
                                        Encrypted:false
                                        SSDEEP:
                                        MD5:F2BE2DFB56D07E2600250FAE646FB4B9
                                        SHA1:8EEB621C33515984384938116285FF85C6CA0600
                                        SHA-256:D20C2FF1750C29D0A72B297033518DA70B5C41D805B34FE9EDCCB64027935782
                                        SHA-512:74975A31A4BFEFD613A7F6AFFFF3C9DE20C125C09AC5F835C0E9FFD07B6A9B10A570E15D17EAD876725DA7641B40C726E38CB4729DF28A486414C642C6F3FF2E
                                        Malicious:false
                                        Reputation:unknown
                                        Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......B..L...........5....T......T......T......T......]......].........B...............Y......1..........Rich...........PE..d....wg.........." .....:...<......p?....................................................`A.........................................g.......h..........p............r..8_......$... X..p............................X..8............P...............................text....9.......:.................. ..`.rdata... ...P..."...>..............@..@.data...`............`..............@....pdata...............b..............@..@.rsrc...p............h..............@..@.reloc..$............p..............@..B........................................................................................................................................................................................................................................

                                        C:\Users\user\AppData\Roaming\Zoom\zoom_install_src\mute.pcm

                                        Download File
                                        Process:C:\Users\user\AppData\Roaming\Zoom\ZoomDownload\Installer.exe
                                        File Type:data
                                        Category:dropped
                                        Size (bytes):527
                                        Entropy (8bit):7.579323706090726
                                        Encrypted:false
                                        SSDEEP:
                                        MD5:0C36D3EE8B0780BF848BFF08FCCE51F4
                                        SHA1:BC009E83D4416044D660F3B7266E4035616014EC
                                        SHA-256:B778592A0D29FC31875474A84ADCBB9A5BAD1FC095E7CD2D408B3DA219424A1E
                                        SHA-512:8CDE508B52DD45B68BF796CB0FB8995A94DDB1D76AE2827416B8D1122EBC9AFB9AC20C42605FCB4CA94263A1CD5A2A3828F5A97075220127EC87CC6C9C3133F3
                                        Malicious:false
                                        Reputation:unknown
                                        Preview:#!SILK_V3.Y...'.W.wx.. .#d..]... &....X.....h(...`U.i.[..H00.....TX.Gn9@..Bl.g1.D..8.q..)Uy?.ve..)/9..g.R..!k..e...7.......X.m.V8.nw..qG..*^..F...<>...2'A.}L.FB..b...^*.~.G>..*.1.C....K.{...H<0X..Qm.bE1|..hvf.:.....N!.;.}.(.QMUd*[5..:a1J....b.e...zS...)..@..#.9DFf_...t.7.<(...>.."Y{............#.Kxxf,.u..L.'..[.jbJ.P...L,..:..Y..,.B..>F.2.}.61.....y....R.i.~zZ...~.......ah.n..Af.&..I.}.*....'.Y..?.I.1.{.o..yk<.x....i...).9......B.9.....b.0..C...9.)..."..,...fu.e...ioBOx..l}.}.Z.9..w.OR.~w.&m<.=.G...

                                        C:\Users\user\AppData\Roaming\Zoom\zoom_install_src\nanosvg_LICENSE.txt

                                        Download File
                                        Process:C:\Users\user\AppData\Roaming\Zoom\ZoomDownload\Installer.exe
                                        File Type:ASCII text, with CRLF line terminators
                                        Category:dropped
                                        Size (bytes):880
                                        Entropy (8bit):4.515352528204619
                                        Encrypted:false
                                        SSDEEP:
                                        MD5:078690812AF4BA8567FCC2AF2CA1D307
                                        SHA1:F4F94BABC436555D2F5992E29AACC47433FBADB4
                                        SHA-256:E82BC3DD03400AECABE12201219BA14750DBC4B36FAAB58663A7A6068548D372
                                        SHA-512:F4E1F1092AB90F380A63ED1954023722D265E32F7F3D9B86100FBFA7D6ECD8C584A7DC22B4E3CC4182957136E2D765D0D6A293694B739377C09B076E5FE448FB
                                        Malicious:false
                                        Reputation:unknown
                                        Preview:Copyright (c) 2013-14 Mikko Mononen memon@inside.org....This software is provided 'as-is', without any express or implied..warranty. In no event will the authors be held liable for any damages..arising from the use of this software.....Permission is granted to anyone to use this software for any purpose,..including commercial applications, and to alter it and redistribute it..freely, subject to the following restrictions:....1. The origin of this software must not be misrepresented; you must not..claim that you wrote the original software. If you use this software..in a product, an acknowledgment in the product documentation would be..appreciated but is not required...2. Altered source versions must be plainly marked as such, and must not be..misrepresented as being the original software...3. This notice may not be removed or altered from any source distribution.....

                                        C:\Users\user\AppData\Roaming\Zoom\zoom_install_src\nydus.dll

                                        Download File
                                        Process:C:\Users\user\AppData\Roaming\Zoom\ZoomDownload\Installer.exe
                                        File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                        Category:dropped
                                        Size (bytes):2925368
                                        Entropy (8bit):6.166896570770172
                                        Encrypted:false
                                        SSDEEP:
                                        MD5:2715B2AD85ED34B54675AFD47E051BAC
                                        SHA1:6919FE3CB0B35CAAF1F91F22ED1FFFFA15282EC9
                                        SHA-256:EED16EBF74F8BDEB85062201E884B3D81EA9D49763589E153A0AEC27BA248189
                                        SHA-512:36660AA942ED1071EFE72D2A1B91FAD58B6538FF74746E8DDCDAFDB7BF9C057F7133418CA8FC2C0695CC538D42A892A6E323A667F75DB42A11E7856C6DEA740B
                                        Malicious:false
                                        Antivirus:
                                        • Antivirus: ReversingLabs, Detection: 0%
                                        Reputation:unknown
                                        Preview:MZ......................@................................... ...........!..L.!This program cannot be run in DOS mode....$.......V.............u....t......@.....@.....@.....@....................d......................q..........Rich...........................PE..d...r.wg.........." ..........................................................,......O-...`A..........................................(.......(.......,.h.....*..g...D,.8_....,.D....2#.p....................5#.(...`3#.8...............0............................text.............................. ..`.rdata...c.......d..................@..@.data....a... )..L....).............@....pdata...g....*..h...P*.............@..@.rsrc...h.....,.......+.............@..@.reloc..D.....,.......+.............@..B................................................................................................................................................................................................................

                                        C:\Users\user\AppData\Roaming\Zoom\zoom_install_src\pcm\beep_intercom.pcm

                                        Download File
                                        Process:C:\Users\user\AppData\Roaming\Zoom\ZoomDownload\Installer.exe
                                        File Type:data
                                        Category:dropped
                                        Size (bytes):1352
                                        Entropy (8bit):7.8077101407801095
                                        Encrypted:false
                                        SSDEEP:
                                        MD5:618A307EF3EFAD70399A6107CB1CE9E3
                                        SHA1:8B42E7FC116A27A3FA868DB49B3D0204F42CD913
                                        SHA-256:32567197286CBB2DFFC282F7CAE8D46D13AF9D5E83BC98773A836904D244326F
                                        SHA-512:3181F538CF34E09DE3CED6B702EB55654888B3B533A339EAFF97F6F6DA9014900F076C76DDD407C0C3736156A896FD23A07952C04C06664103CC74F317B8EA74
                                        Malicious:false
                                        Reputation:unknown
                                        Preview:#!SILK_V3....0.=..m.1......0.....IQ]._....+....?.T^[S.2.....0..(.. ....#.?...0.@2b%x..k.....0...>..@.....o...0.0.......@....0..+...Mu..s\.C....4..s......H......=..7M.2\.U..$.W.|..fO..B.b..qG.F.V..{....1j..&T...Y.7....9...e..j..N.Vz....q...D..X.n...^.GK.9....r.......N4../...7...Q...yV.9..q.G...cM.N''rf....3...z.o.dy`.p.C8.S.o..w6......3.'(....G....o$..U4..j.HP4..`h......N...qz....#U.-..J:.a..G...Sl.S.#.....^!{.:I.f...t}9.d#.`D^..7...O...U+..hC...T.$.3.R..N..........~./u].H..."f.t..8...b.Iu....!'Y../8.7.U.L..L\..w.s....y.N......g....+..c1........../.~..WX...^......l.).M..3Y..;~.\.......C......q............B#.....0[......?6.......l....\F........l.=.....G5+..b..w...xi.. ,..>R.?&...GZ.....b`.0tY...=.r^H.U...Y.l...1C?=..7L.,0..M..~.!...n.....f.@.........k...Q..;K..#...G'*...N.;...[..^.[.(.Q.x...xA...?.:.:1..(.a@..p..R...7^.8..4..`.36............7.,..M..Ne.....P8zU].nx6.HW..6.d.#....y..:...a.T...!.........6.......iL......2..]..G...E..5.o4.

                                        C:\Users\user\AppData\Roaming\Zoom\zoom_install_src\pcm\double_beep.pcm

                                        Download File
                                        Process:C:\Users\user\AppData\Roaming\Zoom\ZoomDownload\Installer.exe
                                        File Type:data
                                        Category:dropped
                                        Size (bytes):3506
                                        Entropy (8bit):7.824792989767301
                                        Encrypted:false
                                        SSDEEP:
                                        MD5:A2243B1DDD8CCA6C40030020B57C606E
                                        SHA1:9D0084832970CAAF750335D5B27A3104623E2275
                                        SHA-256:E00DBB2ED88CD107BF384102E1353BB8D3A777DD9624A680579E4267080888D7
                                        SHA-512:04BA003EF55787F3D19006E8A3489B861AB86834ACEC445EC463172F5530FE72472C0BB39F62FF8D0222F388B63A6B2E28F5919FBBCCEA416654D7CC13F68B49
                                        Malicious:false
                                        Reputation:unknown
                                        Preview:#!SILK_V3....F..eawM.?...G.{.6..9.j.4L.[q./...G._+~i].DCW........G...=...9.%.......c...G*7.v.&.b.S)K.X.^......G....!M.\`.....O...G..S#.?th.1....P.A...........V.=..Z.}.G.U...A..JO.QYl..E....OXe[nG....'jF..u.$u.X.E...../:i..5..BH..O.h.!...b..{9.W.6{..Y8...Ajo.[..+...C}...8..W.3..BH..X......!..fl.U.8.2.......E.......1.Dh.`_...;..f..Gkve.\S^3'..>../.I...e...eO@qb.X0.)......@.L..JY|..jy-...g....2.8~3.\O..l.)".... ..........]i..7..C.).f..I....q.....~.-n%..L(?c.b.|.5.......3..w...x.o3.....`..C0?\...1c...8....,......7.o.....).^......Dc.1..B4.....R.....H.....Yb..3....$..j.......>..6..c./..V........O..ew...?L..(..H[.p.|...f|\1....u.6....S.xJ.L{..j5-..}....._.W....H.W.....B...;.......5,......}...&.3.{OL....Qm....[&t.)..H.......A..I9..a..|..n.+.B ...X.8..I.....$.+o..1....w..N...1MF:v.3.=.#.7.....=..~}.......B_.....9@.L.l.p#...]...;D^?}..."}-1..5..?.y......8....2ep{..}.X.........M|.#d'5..I:4F5.^...6..UPd@...Z...:.&O........./%.,[.....Zze..

                                        C:\Users\user\AppData\Roaming\Zoom\zoom_install_src\pcm\dtmf_0.pcm

                                        Download File
                                        Process:C:\Users\user\AppData\Roaming\Zoom\ZoomDownload\Installer.exe
                                        File Type:data
                                        Category:dropped
                                        Size (bytes):1759
                                        Entropy (8bit):7.840018620642771
                                        Encrypted:false
                                        SSDEEP:
                                        MD5:285974390C5114E6A8E91A2D63266A38
                                        SHA1:F5B5B5CE959380D0358C463E2DCB9CAFBE709843
                                        SHA-256:394C441E19F6D34B46BAEB7820726F279BC71D21E6911070DBB58E67568ECB9C
                                        SHA-512:DE85E1FC198FA235BC233CFD45747C30A8247AF71B83E8CA30800CD754E6C45AE2D9754E4DE0D51E3F2AED26FF8CC829D29374960F3B434E48ACBBDF530EBE43
                                        Malicious:false
                                        Reputation:unknown
                                        Preview:#!SILK_V3.^..B.XiX..}W.....@7U~..5.U..b,........`&.uV.K...A..n"|..DM.9)......h..W.........#K.:.}..tA.P..q.n..9(_.I.....~...h[>a..y5.{.....ie......;~.yx....q...%BD..0._._.....x.N..1...F.M..SV.h...>._J...c..#-3....|..^:........kw..<z......RL.6X..Z....K]Y...C...nB.....>P...~.F`fS.....E........`}%..O.9..S.K....g.8\Bt.=.....Z.S..@...wB.A.l<.:.k...E|g.q....4c...S....M.rmuy`!.C<x...t........>..i..;W.8.c....Px.5-..$.2......i. .).....nM.Q....B.l=xs...J.s...E,tc..|...^....?.)....w.....MP.S....i.r..Yl.|rW.l.....;..p......!.......M=.|cz..?...5.v.T....)....hQ...q.U...E/...Y~d.F2-.......w.@m...._.gF.q...<....~.0..j'.#.(.....>..SdX.^..'.C}9.)....W......x..}....Z..p.B..,.bb..+..6..F!.Y.}C.J...... ....RO+L..._.#......~.>.w@.n...V...Uv..-y.a1.U.a..S5.8T.......|..N;Y.c......Q...7E.G].j....RI..8y.n%...&...=[&.h.d...E..rTH...1NCQ...?&B|....E.G.{..|.~C....../.s..&.>...Q..y..z......f.OR......z.V...Y.........Z.b...E{......d.~.v0i.D0.5..0/....m...}..?5..I..

                                        C:\Users\user\AppData\Roaming\Zoom\zoom_install_src\pcm\dtmf_1.pcm

                                        Download File
                                        Process:C:\Users\user\AppData\Roaming\Zoom\ZoomDownload\Installer.exe
                                        File Type:data
                                        Category:dropped
                                        Size (bytes):1633
                                        Entropy (8bit):7.819085905232397
                                        Encrypted:false
                                        SSDEEP:
                                        MD5:842932D135C62A4866C698CF415A13D1
                                        SHA1:7977E8280576CDFE14449E0522A824342899E21B
                                        SHA-256:1A5EB409A8DD747B37E24B3A7A0C3C8AA7C55778A9BF4A71F4BDF3B5AD298C5D
                                        SHA-512:A34AE285E13CF25BEB93153F1DE77C6BB61941FD4D8F91B9689CB84D37204072ED4DDCF17A7F2319393DB6383A949D4D0A8722245116F6AEE8EF62524A403E29
                                        Malicious:false
                                        Reputation:unknown
                                        Preview:#!SILK_V3.Z...@.....z.m......+'......WHwXj..$.....E......L.Kv|-..H.<.%......v.0.#.D.........OZ....`&.....!&.Zj@T..v?.r..........+.O..X.J.2.a.I?._.^..T......=.vq..Qz..7.S!........\....1..U%Po.......:..ic<...<..K.F.9.......!.-\.f...-.U.s...0..d~.S........6O9.g...h.I......$...G....;R..{,..B..vt...Z..O.&3_(.!...C..}.0(X.....na.8W>...]...7P.......K.IV...NA...D.?..2#k..-..M.`..W9Q.6n...y.....'H..q.U..X1._..k.V....h:.i...4.....1.<..n.;.YO[1KQ.q.%.6y....P..VK;&..)....B1.i.S..B..#.-....-#...3.X........#P. .....5..Z..p..h...YU2.l..'..8....8...r?.X..j........j.j...a. ..Ju2..'k.......@W...#O.).~.....4........7..Y.E..5m.`.Q...6.%3.|.Q..."Q..?.mA......L.f.S.j.z.\....P....N.eF....)Q_..,53.~.Q.@. .r.b':.K.........^#.d9.iPSM....{......E..Wp...`7.....Z....g......`...x.v..w....P......$...B....L..-Oa..V...p.............2.E.p....j......7. .F..h.3\l..(R.&.oN...............5.....bcb...<8........-. .&3..0...?.<...........8JF.65....'..K......$+).....3....

                                        C:\Users\user\AppData\Roaming\Zoom\zoom_install_src\pcm\dtmf_2.pcm

                                        Download File
                                        Process:C:\Users\user\AppData\Roaming\Zoom\ZoomDownload\Installer.exe
                                        File Type:data
                                        Category:dropped
                                        Size (bytes):2016
                                        Entropy (8bit):7.87921662885439
                                        Encrypted:false
                                        SSDEEP:
                                        MD5:D30328C7EC556E0FC8537D1A2316C418
                                        SHA1:BBD09BFD865686297BC06FF35FBD5F56374E3DC3
                                        SHA-256:37DB0A7B3AB878FCDC1DA65DC21C006DABA8791C87AE37D000D516CDEA9D4804
                                        SHA-512:913C7F778F1A954C43C275E544689A528FC4A59D30F1D315359191DE60F9BC9544BD322FC6842B63E8931E8F0EE8579F63A3E810F165D92A2F702AD3D8E5B6E2
                                        Malicious:false
                                        Reputation:unknown
                                        Preview:#!SILK_V3.W....h..$.|.;..............u.Q..9..2.#..VEGPT,..a..9G#q..x.c.$*..^......K=..>......pB?X........q.F^..F......)j_f...}......e`.C.b.v..,.4.,{.T..tYt.....".....}..I......F.......... ......HY.p(."..,%a.....`..lQ.{..pB?6.^.3.....n...(i....1..k..._H..V.yf..FWl..hR^.d.+....O..?....'..W...)..L'.2....6B..u..... .l....g.z.j.^......z..4.7.n..pB?Om....?I./..D.h.>..).W7s.;../7fG...z....#.......9h.mR5_...X[.....F.vf...g..G.P...[]..A.T.l0..=..../P...@.....[......4Y.n_......:...4.GU?L...R.......<.`.s.\\;.&..K...~......I...i...=...!.....C>...n.@# ..L....G.7..b.un.\.E.,*...|.Iv....U...,>....6...Co;..]Id.f,+..ZT......Oq.]..E...Y.d...@...Y.o.J..& i.....b.!q.7.........O....2....S)..r...+.....<.......W.[...<.\.]......[.M..1q.t...@Ml.ZP}0.}i..3.;...kJ...0...;{\QzC>..'.."f.....@e.x...?l....P........@......d...u%:0....H.HUx..i..3..m..?....X...@Ml........#.6.....#.<...c../..z.X..U....'..hK..[...?/.NB.6....M7.5..........b.H.n....hex.WL.L.|DK.y._/..[.)

                                        C:\Users\user\AppData\Roaming\Zoom\zoom_install_src\pcm\dtmf_3.pcm

                                        Download File
                                        Process:C:\Users\user\AppData\Roaming\Zoom\ZoomDownload\Installer.exe
                                        File Type:data
                                        Category:dropped
                                        Size (bytes):1816
                                        Entropy (8bit):7.8505156481158185
                                        Encrypted:false
                                        SSDEEP:
                                        MD5:3913CDFCA0B0DFAD1C11AB3CDB81DCBB
                                        SHA1:92E17B1F78788D5B98BB539AAED018FD72244411
                                        SHA-256:F8902A24F7DD5F4355E684AC1CB0029992581C610AD011ED2C900F8957C104AD
                                        SHA-512:43D22A611B65E10B9BB4B8405A993A77618C24D8866032672D43911707AC9F6497826CB6C975AE422C7D61412D6BB2D2DF0412FC7FADC0E5E5F84EA09C7475FF
                                        Malicious:false
                                        Reputation:unknown
                                        Preview:#!SILK_V3._..B4}..Nw........k....L2D..|q.|.;d......`..|.+....=...},.../.....thpq.......wz.......=.'.5.;f......4.y.9-.0..k..$'K.7Y4.[...X..aU.A..V....4G*r9^.....~....3....l+...3..3....-.....|..p.?...x;-;..f..q.=.Y%)z.(.8...W/.D.8Nt..eYzsX%j.N....,._.dcX....z)F.'\.....?b@.3...7...&*.g._...n.}:s.."c.U!.5Z..q.=.4.U....mpvd..E...55..*.....1.]..y.x/..x....`UyP..........E.8.s.D.P.?b..-.;..#......m..r.l.yc.....xNRJ.O.e.(.r..jm....I..j..........$.......4,"`.x.{N...UX}(.f..O.2W.....r...<...`...O..s.%.U..Sc..c..*.C@lIU.^D..blS...S.b........wn{z...C..Xb.fqo4C.....rI#.....mV.. M..V..y.d...[...#.Gy..M..`..c..*..9!....N.f./.. .)..%.<}...".c,..0&aa...m..b(h..}..HQ.>..T...@S.|B.....)T....+...VS.+$.S..`..FBxJ...?..)..7J~z....-.......@K..`~.4<.k^.1.{..Kr..,....]..lCa...8..........q..q.....C.*....tnz...%F..(X..F.,z....u....d.wuC)%.-..N....n...P....z.oQO....m.mUe.0..pM.........J7.3.09."Y..{b..q.M....L.....B.BW..v..[.A....{..G.N.#9.9a.l...?;._Z|.IY'..........M...'....^

                                        C:\Users\user\AppData\Roaming\Zoom\zoom_install_src\pcm\dtmf_4.pcm

                                        Download File
                                        Process:C:\Users\user\AppData\Roaming\Zoom\ZoomDownload\Installer.exe
                                        File Type:data
                                        Category:dropped
                                        Size (bytes):1541
                                        Entropy (8bit):7.816601697397621
                                        Encrypted:false
                                        SSDEEP:
                                        MD5:065CE5DC0D49C48589A3EB19603510FC
                                        SHA1:D0852569E60486C2D9206C35BE826AC4D23F79BE
                                        SHA-256:C50E689F830FEA83F82C6CB2E5472B3827C5635490F0D2B0E56C346BAD616A64
                                        SHA-512:C4661A30868376A7ED681D4D984EFCBB8AF4A7449059F31225C63CE1CC88A3B4A7FBA3E3047F2B29A0E0E437E8B4832E888F65EF86EA40C2063AA0F736C61307
                                        Malicious:false
                                        Reputation:unknown
                                        Preview:#!SILK_V3.U....]..I...7.........B...3....7..O4/q.K`I1)-uU...P.q.c%.....'..le........Q..m.0.m...AM9G...E.g.9.`..=+......0x>|:.....\qvI.1yA=9.s.z.sj..u....;.y..`W......X..Rt..Q5..?.3.....kJ4..z!.a...j.N..4[.Xc(.'5k|&a?s.$.<...F.cA.!v...3<.T..."..]..6;....'..R9w]..5. @..L.....+E...<.v....>bH_...T...AQ!.O....c...DW+..n|.V.U.............!....b..N....%....[..L.r.4.DU...>[.9./%$.#.,R.K.E8F....&......O...f>...Y...q....?$z..D...<.v.......Z.p.,.p!.'jJ....#.b.&..!..l."...6.&..z.....b...3>..S...<.Y.V-L.$.<-...$.B.......!.j..^.-........el.Zg75.;I4.y..m.M......RJq..w8...I\..B...<.v...3[kq~o..di."2.bW..T.....[.f.......Bh.".15...3.x.Z2..B...<.v....z..t...E..N7..1....P.R...X...I...DL....0..vB.G.....R......P....~.....K.9.~A FfQ...%.cNm..;.......C26....Q....$:..!Z./.x..Bm.e?E...<.v...)q/.Z....Mr..fM.zuJ{.H.M.L3.....(..|........G..L.....mDHT..WT...@..B..~:........p.h.BKp....Z......jT.. ..}.i....t.**...!N.'.\....6....sZ.'...x.....a.....W..r....>.j..x'

                                        C:\Users\user\AppData\Roaming\Zoom\zoom_install_src\pcm\dtmf_5.pcm

                                        Download File
                                        Process:C:\Users\user\AppData\Roaming\Zoom\ZoomDownload\Installer.exe
                                        File Type:data
                                        Category:dropped
                                        Size (bytes):1623
                                        Entropy (8bit):7.809223350736099
                                        Encrypted:false
                                        SSDEEP:
                                        MD5:532231D1E36EA53A168830033CC0AEC5
                                        SHA1:4407C14FFE5B12B7100DB43FB011564269F702A0
                                        SHA-256:83EF758561576BBAA981E976510B74EEEACC181834064BA7412EAF876CC25290
                                        SHA-512:05BB2D8AE7CF3EAD9DFBF05FEF4983EBFD4F5A8991BA43A92191A1A97B485DCF17E315B9A8D39300C71BE7114F15F0113A75C6648FCDFC46B46E6CFD2B3CA0FE
                                        Malicious:false
                                        Reputation:unknown
                                        Preview:#!SILK_V3.X..@..n[....|}.Y...../.5..l.....MS.-..+....KJn........{.0..]qu...1.rJ.b....."J..Tw.O..g....+S..Y...5..=.$......i.f.]...GcS#.O...>7qC.L.:.1..k'?.z..$.....=..........'.QJ9b.X...).]E.8.c?P....u.2.)J....w...}.~u\.'"....e$v../g.`.`..*.B....{+.....7vd...m..U..Z5.4kO....u.2.#..^C......N.k...T...<|.........p1...).5..R.....Fy.n......jg....q.m./N....u..D.9....Z.M.,.....M.... u.....H..a.q....(.9q8.........|v+.\[xr.#Y...i.].....O.[0-.>k\.6J.r...}BE.{z%<...k&..uOnsp..e......P..g.a....?.......8..CNE......a.....r.c.P....u.2..D...E..i.V..S..~.....;0G!6....f........V.4...5.`'......Cdg..s:......S....u.2...F.......{..3&C.O2...g]}....n..Eg..X...![....S..;..2b.....{.&m.....0_R....u.2....2.Uf..v/"..dN*t.}..Mp....E....'....x!n,S.+.....EZ&L.M..`....ej..N2..S...=5.2.....@......J3!.w.\..T.].U...R....&.m.6&....U..c.b.....7.&.../u...nJ.>...P....u.2..,...In...%........%..|._..$..K..y$[.....`B.....o......s.'.....+..b..W.....[_(....Q.:v..#.u..`..HSV3.{.a+

                                        C:\Users\user\AppData\Roaming\Zoom\zoom_install_src\pcm\dtmf_6.pcm

                                        Download File
                                        Process:C:\Users\user\AppData\Roaming\Zoom\ZoomDownload\Installer.exe
                                        File Type:data
                                        Category:dropped
                                        Size (bytes):2014
                                        Entropy (8bit):7.868443881274733
                                        Encrypted:false
                                        SSDEEP:
                                        MD5:A8E1E6AB27026FCC27307250E40DC64A
                                        SHA1:A3D1BCD57EDD4AA3F52C259A5B72C120F040D583
                                        SHA-256:FFC6DA3E558A9B25CC03249F675AFF3BD3AC21D54435FA8B23F37CBAF54DDED8
                                        SHA-512:C82FB729E9AA1FB56EFAE9B76F42567B871B2626C29945D0E6B51E4F876F43B97B8BC5F0BBAEFA56CD8B881DEF405C6B8A44F331500F169DE80ABA120C98F766
                                        Malicious:false
                                        Reputation:unknown
                                        Preview:#!SILK_V3.R...Q...9..:..W.p..%..G..QX.=..;.|D..1}@....L...WM.v..<<...>!?uG..AM....k...|d@...i..4..q1....uC.-...z(+...L..T.8z..u!.....#..C_~.=K..s..L.V.YE..m..x.....`?...XG.,4+~@.....+,....&..a8..v..oM.ZD>,.8x.g./.C..o..A.SV.{......;,...+$.+..._.....f..u.."......_..T.4....#...X..$...X..r7..".(G..R:...qc7....%.r..oM.ZD>,.9`Z...u..;@q..$.@..F2...'...i.{..PY....d....1......3.....?.1u.=.V.B.9..n..Np..&W>7..;..@.....XM....9I.]..o;......W.5.Qr......1/..&HU..c..A.......\PI#..q.B..-..5..Z.p.4.VM..v\.jo.c.q...G....%.7..u..oM.P..:.u..j.....tO.D.r.zuQ.:.....k.."D.1m....0s..^.l.v..%...2p.,...y...A.;..]^g`r'.:.%w..e.4EI6~.h@....tv#..<Tg..a..q...q.....p"%#_d........&...... ..Kmw...[..G...w.0..z.qc....2_P.f.v..J.[.v..&.I...n..x...Op..oM.P..:.v..r.Q.F.5x..8..N.n.J.Z.p..Q.g.*....k......UoH..H......eX.]...r.W'...5`....V....#...7s#6.3&Q?.mV7...q..oM.P..:.v.#.R^.JA....+...*......A..Mzg..BI..AY.......s5n.... .Mm.#:..by..5..,..D@.6;..o,'z.e.[....N.jK...t..oM.ZD>,.:G..3..9..

                                        C:\Users\user\AppData\Roaming\Zoom\zoom_install_src\pcm\dtmf_7.pcm

                                        Download File
                                        Process:C:\Users\user\AppData\Roaming\Zoom\ZoomDownload\Installer.exe
                                        File Type:data
                                        Category:dropped
                                        Size (bytes):1516
                                        Entropy (8bit):7.7862469645564625
                                        Encrypted:false
                                        SSDEEP:
                                        MD5:4F9CB5DBACDDB4099469FF30FB61490F
                                        SHA1:0A338B3AAA04309584AF7EE0F14F1767AFBE1DA7
                                        SHA-256:79F7A132B33C6525EE483231A53B8298620700AB21343CFA70D716E96FD12B8F
                                        SHA-512:488FBA0F24D2382DDDD25C05531A5F61683F774DD86D41B652CE9473224607DE9744A5A4463907930EB3B010E6F97F7B7D1AC5A9DABA8453525735D338399A5A
                                        Malicious:false
                                        Reputation:unknown
                                        Preview:#!SILK_V3.Y......(.;....9.KB+C;JDB...8..e1.......#...9.../.g.w.6......c.h{.`......4@|.v.-.hC...R..4.C...}.....|..|(......s.Vb..J ....^....1)..WU.........5..La...E..D.........N...=W'....n..e....;.|.....J<.~......}..&%5...|.hsM....z....B.U`.z..........i.........i...g.E3.I.C..."q...v..@v.d4qM...5k.L...........E....}6.!....~..`]_.].XE....'7...i3.h.H.k.+?..j...:i.*`.0..m>.h.d...y...Z..=;/0..T..w....p.$k.m...g..P..,.D...=W+;S.....d..X.?c...?v.-.=m..X..WL<.....*/...(.}2.Jf...g..xV%.!.A...=W+;S.....w.W(.\\.#Y.?.....r.j.....A%.c.H..m......m...]..q.7?...=W+;S.r.._N+z.....6l%.f;..:...c...4.R8...}W..K$(...%..l~..SG...Va.T~.....b;..W/.....#zf..]......C..~...n.1C.|.Q .%9W...7...|NU...Q...=B...+....%1.Y6^w....L.....}.......&. ......3N...f.'X...x..#`...k.R4..S..+k.T...VO.W'...>....../.{.cNK.|.j..T.q.cbj.Z^<..?a..y.;..0.|.........q.>.0.`......t/@...=W+;S..fl.F...~..J.kmF..kN..t.w#.......Qa.[$.m........U..vI?...=W+;S...dB..n..>w......i&7.K,_...;q{.yD/..G...j.

                                        C:\Users\user\AppData\Roaming\Zoom\zoom_install_src\pcm\dtmf_8.pcm

                                        Download File
                                        Process:C:\Users\user\AppData\Roaming\Zoom\ZoomDownload\Installer.exe
                                        File Type:data
                                        Category:dropped
                                        Size (bytes):1809
                                        Entropy (8bit):7.841401808098726
                                        Encrypted:false
                                        SSDEEP:
                                        MD5:A9293ED20C46E09EBB87CAF37E92F3BE
                                        SHA1:DD6E3CA3EF79D26F71FE432A2D928E9177F13205
                                        SHA-256:4C682A59D37C32715D7E82C1592FCFD51CEAACA7FC4464817F74D0C005A02372
                                        SHA-512:AE2572DA5274F686AB5B2CA05C273E103E037F1B2D21775F86E780A6A4E97F61059387A063E86F276253011BDAF188B2CA20CB29FFCA5803FCE5CDD9A69F38A6
                                        Malicious:false
                                        Reputation:unknown
                                        Preview:#!SILK_V3.S...I...F.yi.....b.zx.....".;_......N.-.....d....+....Tf.w|...}......F...Q.mo....__.....W...;.D^L.....T.0..U..Q.K.4...U.J...*.........K..../..I.vOu..T................U...u....OX..r..J_vFW...c.p!...L."..'67.......%.,b.....u.T....L$M...+1E...<E...Cfx<.J.z..-...rf.GU..F.m...s...ake..01g}.sSb.Kc...Z...}.......[Z......i.s.#m..h.._..`...>.A=..O.....}... ...>.D.,B.i..k..0..R... ....j......D.d;..T..h....b...<+..A..v.....|..\..\N.(.....=.......;.j.z...}u.Z..6......5....I...}.A..X.r..b..o..1.....M!....*J.2o.~z]L#."..&....&'S;.h./.B..9.Q...b...}.L.......[G.h..~x......w..M.e...8...J...........qZw....PU..G......`...S..r.x..%....eQ..>i...}..-.7cM..hRD......"....N.L.S`E..=r..n.0.[.Q......%...?...E.J..kS.....h.....x..B....L..[&..90..~Os...}.O....zH#3ar.$...b.....x#.[me..6.M....1....h*#....V..59.....i....2.......v6..Sj..*..j.U_.......H:<...-.V?]...Ew.Q..h.xrOc..a...w.*....w.88...\.^......r...\W.......R..a.}.'.Nn......\xj.UY.!...G..c..r

                                        C:\Users\user\AppData\Roaming\Zoom\zoom_install_src\pcm\dtmf_9.pcm

                                        Download File
                                        Process:C:\Users\user\AppData\Roaming\Zoom\ZoomDownload\Installer.exe
                                        File Type:data
                                        Category:dropped
                                        Size (bytes):1799
                                        Entropy (8bit):7.847016034329973
                                        Encrypted:false
                                        SSDEEP:
                                        MD5:CEDBFC417B6EA8E076C99471E4D746AD
                                        SHA1:11D95A6490613C3D7F350F5525AE47DDF244A5F0
                                        SHA-256:C5E274011991477635400E5A2C81D3B6CC12C50A61267B0ECC70077CB92A9AA7
                                        SHA-512:358120F75FB51A89979CBEC3C1DD0227E286019025BE9308E81F5E2F4C02CD9BB0022BED4DB357D42990C5F0503AADB88963D7062382D9CD832440E12A338CD7
                                        Malicious:false
                                        Reputation:unknown
                                        Preview:#!SILK_V3.[..B.2.H.k.~r.)...n..:s8.....F....'.X...e..?........u.73d.]...z.hL..b.2#j...K...8X`#j...P.\....KP.A...~a....9.;.V.w7..ds;.p......p..'...&....ZP.....5....}$...MD87...]Y.M{.....B.]....//..<J.*Q.}>/x@..R.q.MQE._....5..46.a+./.....L...KuO.....t.;.>w...anII.2.t)..}j...K..].....e..V"-.d...#.=H9...?.~}.6|}.U'...z.Q..;a....TY..u".V{...I..)....p0)j.E.Pw.p.-.....\...\ |U.%(SN. `j..R6.$...^../D.bb...W...65...........!...MKq...!.]....1^....[j..c..a$6..3...g.....T8.W.~....q.X7.$.%......T..FE.Rc.?.p..P.&:.....>{.!.uC..f)31.o..G9-...9...,l....>..X..o.....d....//..;....|;T...I..-.(C.@.Q../.J..w...K1.P.yng..B/..z...8hq....g.....d...s.~.O$'.N.R...I.cy.l-..a.....e..].......L..w.<...??...Knm.$.J./cr...6........o.H..Em.X.......5..qH.s...`.:anj....x..j.....p..j.2..rFb...bU..m}..:bnE..}.....]r....o.....-.@.(.........u.......}u.gK.hU..H....A.....x....~..L.f...J._...>..~b.....N.._a`..!0Y[.m.n|.o.w.QE/.a........[........tQE..K6M.Un.(-..<..'.h`....j._.mo.]

                                        C:\Users\user\AppData\Roaming\Zoom\zoom_install_src\pcm\dtmf_a.pcm

                                        Download File
                                        Process:C:\Users\user\AppData\Roaming\Zoom\ZoomDownload\Installer.exe
                                        File Type:data
                                        Category:dropped
                                        Size (bytes):525
                                        Entropy (8bit):7.537503914252581
                                        Encrypted:false
                                        SSDEEP:
                                        MD5:6A95093E7FE3117BB1E614FA9727BFDF
                                        SHA1:1DF81E069ED43AEAEDD8DCE9D1C8BF56FA6B96A7
                                        SHA-256:D705D27155E39DA52D84034389FBC3953D98F2E7A6007C44CF0EA1BDDA4B3BB5
                                        SHA-512:925D6B17CEC73D8EA98DDC3B55D17C6E014A5D4504251563C5D5D55A9B7F8CAA43DCC6D7989BBCE72A62E1708A54AB7B09BDD84F79DA9010BFEBF6CFF7534C99
                                        Malicious:false
                                        Reputation:unknown
                                        Preview:#!SILK_V3.Y..@.E dw$<n.....\d.d..M.....$K.+N..7......Y..4.(e+.....O.4s.B._.7>.0.L.X!.2.&......"...R..X.M..t......\jg./.fx+..V\.1.$.'gO`a.$...{...M..+.hq..Vv...B.u<{..l[...=.>...?..X$Fa..v..Fk...6..c...x...+0...`Q..._`....(b...8.Zx..sI90..@..R.Zh...........2.d.H.1)o....."...u.......0.T....L.....Q..d..R._.....^s..c!.>...../E.h{..&utP~.5m<...hc~......f.c..X./...o.....q.s..5$/..../3...@.A9....e.}..P....@,.........*...=.n.....c..M..).F.._..r..>..z.s.]...J....O,..2.o!z....e......I.eB.9....<)\..9;..

                                        C:\Users\user\AppData\Roaming\Zoom\zoom_install_src\pcm\dtmf_hash.pcm

                                        Download File
                                        Process:C:\Users\user\AppData\Roaming\Zoom\ZoomDownload\Installer.exe
                                        File Type:data
                                        Category:dropped
                                        Size (bytes):1964
                                        Entropy (8bit):7.855049902297457
                                        Encrypted:false
                                        SSDEEP:
                                        MD5:569480B0DFE8B64B44F72E5740A58230
                                        SHA1:6F4ED602780FDB7C3EDA983BCB29007BCD8FBF77
                                        SHA-256:1A256021A62ABB1386EABE58974DB5BAC91C622F9FECDDC9F87216C102C23628
                                        SHA-512:89F6452AFA3AEE5265DE3EAC9CE0A5830163187ABE6C5415141133A0B9C7EA091DFC198CAD0B4662588B8F3785C93E310FECCCA3200B13AF0C15CAFF7AB45D1A
                                        Malicious:false
                                        Reputation:unknown
                                        Preview:#!SILK_V3.b...^...<...j.A.S...X...-..........V ....*?..k....Gv.9w....|n.^.H....@f.......).....o...p.b..q]t_whA..N.......`<.`...ntD...h&*.......PA}d...tY.....^.......[^......NJ3...y....9.O...I6.. gX..q\.PF.S.....XU7]&........Pa..&a.."^.Q.('..aq~.%.-.M...b..i.L.d../|c}....Lh.b..1j..h..q]wQ.....`q.~.(..%..........a.bv...@..B...C%q\.....W'5.|.d.......d.Qq... ..G..P.n...#[.Q]l.z."o.xu..?q..q......{T.1..(W..'[..j.r~J....@8E..f.?..b.8y.......fLpNcD.....0.5.\\Lm......E.'b..VCj.\..N...h...wa..s.ED9ZGy..q]t.3..S.;..0.qa..qn.M...\.r...1...-/h.u..T.l...3.x`.U.H|.:.M...2*.=y........e...I.d..v.3]Q.~g..Lx.Y`...U..#i...`N.ot..q]].....n/N..<...........y'........)....H.xQ..My.[.f-...V../J.R.#..e..=t.....D...Js;f.x. "#X....H..=d......c..q\.....P.......b.eL..+q.@....K...Xs._!.-...F..a..hV.w.qf...%.H[/..}..(....B.M .{w2..{........j.N`..q]t.J.)~./*X".?e.Jj@.}X.Z.~!..OL.....,...6.b..&....o..]:.....w....q..-.N.V.z.e{.....^.6U...f..q\.9t.B....I..o..4.PW....,u.\.....

                                        C:\Users\user\AppData\Roaming\Zoom\zoom_install_src\pcm\dtmf_star.pcm

                                        Download File
                                        Process:C:\Users\user\AppData\Roaming\Zoom\ZoomDownload\Installer.exe
                                        File Type:data
                                        Category:dropped
                                        Size (bytes):1655
                                        Entropy (8bit):7.824024304598636
                                        Encrypted:false
                                        SSDEEP:
                                        MD5:814B4F610592E7D68725F87B04DD5691
                                        SHA1:9E3F0489D1889B3201753730211FB14EA1FC1E21
                                        SHA-256:719F8AA3842EEF2B413EB8DFF026C2B442ACF051AF040B295AF595EF207DC32C
                                        SHA-512:929F10FC51E71759D375D82681F6B9106932B27E0CD39FCD0FBACC2359D1907631A912D34958628C651C37617BD4D5D9DB93D321F0592C30D0294428890ABBD0
                                        Malicious:false
                                        Reputation:unknown
                                        Preview:#!SILK_V3.d..]...a.uZ..t..4...]-!.....\!.X.H......y......hk.Z...n.=a....|.U...8...^t....Y...d..>+..L./...M....b..V~&...5TcK. .j....Y.V...g......+|..G<A>.T..LN~^b..G6.\cE&.........~mq...B.)#....RT.S.].(...$.E...E.wxj.~O.Q...^.bh.....[a....#.{K...t..*.F.AF.....{.r)e.gY.2cz...aT...Ls..!z0m....1jf...W.p..3t.q.........'....jN.x..MU~l....O..C|.._.%.R#....B..U.oo...J.m..7.j...Rn...:..qdny..K.....=^.P.x.."\..f..64..:m.T..,.;.5.....T.e.-4.....W"..bef7.._..o..)D.V..\LK.b.H...E.wxj.~P....).c.b.s...N.q.....GV....n...t......-..T.. ..&...K..e.M../.....d,.05i5T{.]...0.W...13.a... .*...wBx..r .n.h.2aqvu..6a....h...-.oy"FGi...J.m..7.j...h...X.....J._..U@f1.....z...<v.J\.E.......b....J\_..H.M.{...H...?..p]. l.+q..>.)....zOH..qo.........{.X.I..:.H//d%....L8.=.m......;4]Q.T\LK..b...$P..s+~1.g../...7.(.F>4..7~!..?,..Z.a....J_....)._.....&.3T....C.t.y..../..U...1.A..!r.,.W.y.;..F$....(l.:)...]_...Ls..fW.Js1.r.,'..'Oq..}..eW..!..............;6....z.5.?.....3>F.Al..,.W..

                                        C:\Users\user\AppData\Roaming\Zoom\zoom_install_src\pcm\ring_pstn.pcm

                                        Download File
                                        Process:C:\Users\user\AppData\Roaming\Zoom\ZoomDownload\Installer.exe
                                        File Type:data
                                        Category:dropped
                                        Size (bytes):14026
                                        Entropy (8bit):7.887819356321051
                                        Encrypted:false
                                        SSDEEP:
                                        MD5:F199DF8ED884C5AF8FD07AA0E046D19B
                                        SHA1:507CA087DE97053C4E65F4576F78157813E6C174
                                        SHA-256:0A23D9800DB639DD5F40FF0E1CA3DF5729DF7AB81AFFD1A02DB445B4B0AB235B
                                        SHA-512:176A88EB7DF30C78442C435F102F865E1F8C8A6D0FA03F1AF823CF6B7A3C290E50DF229B8775C9234F09A0AB5643410F5E00BB4EAE550C13CB59EE3D4147D5F9
                                        Malicious:false
                                        Reputation:unknown
                                        Preview:#!SILK_V3.I..M..-.5nK..\.C....{....B..c!X...n...-.;../8..>t..%J-.odm9y....3I@.k..y....]..j...G>.<.L.x../{.b.Z.Aub.U..0....'...?'.......B.)a..tM8..._....5.A.7S...H..h..B)..#.....}...t.X.6[\...~....f....Y...o%._.)b.."....*...|A{OG.Eg.......e.Tu.KF.,....\)$.&.K.*".......\T.....o.zJ.f........w.b.$.o...~wW.4Z.jp"..p*F......F....A@.n"......k5......?...e.%..T.) ...wSm.z.H.C/J..b._*.&b!.$W...~4.g..<..".3w...t../....FL?Q...%.A....1.D......d!..z...n..vWs.F...}.z.?...C.b....80.#.E..~..p.......i%...f.D...hPB.E..i.P9Qh..........s...<.:^.R..2.os......Y.J..r..'\.Z...k.z...Us=.|.%........7....c...J..Z..........;.......gS..=.mA.X..S.l^.5..>7.p.....*.F...............?...CI.\...:V.X..(.....[.B...4.%..g.neI.../...(.....B......HS.c.f..R.K.}....4U..ZI..`...m...Dw....jk)....~+.&uk.SCl..i1.</&..n...V/..._....oO.*.v.q....*......^b.yQ)C..U.z...f+.g..E.._..!...U.;:K../42..:..4...\..Y..........f..7...Q..._.S...X..k+S~jB..r.U..(Y.P_C..$l...|R.;F..b..{../._4..8$#7.i...)(!.

                                        C:\Users\user\AppData\Roaming\Zoom\zoom_install_src\percussion.pcm

                                        Download File
                                        Process:C:\Users\user\AppData\Roaming\Zoom\ZoomDownload\Installer.exe
                                        File Type:data
                                        Category:dropped
                                        Size (bytes):3930
                                        Entropy (8bit):7.64613823455027
                                        Encrypted:false
                                        SSDEEP:
                                        MD5:388728657DD2D77D2257A90B9C935650
                                        SHA1:17C15F9BE8B263C52DC165B3395D8D92E72EC313
                                        SHA-256:DAFA23315EF2893D200A88B65B8F455E788ACD616D0634C35385D460F07C6A61
                                        SHA-512:5B4B298DF61C4BAFA4F2B4FFE2193ED331460ED922A17F2ABEDCD20F6F1B1AF8719694299E367AF0BA757EC3496D99FC67FF1963E27195ED30A95E5DBE97A2B5
                                        Malicious:false
                                        Reputation:unknown
                                        Preview:#!SILK_V3....B.y..1.F6.4..../...+t......?...+t......?...+t......?...+t......?...+t......?;.."....f..oD..!#I_.y._.M..fUZ.@5^......S...mgC.S.r.{BT.r.)......I......|..2n l.e`.]:3...x`....s.j.G+...X[.U.j2.%O.`zt.....@...s...R.|..[.2.c5...>.j.5...~..{ _4N=7...5JS......9.FK..F.Wlx2,.U.._7..x.Ij..e....nF.,.Q!.q....2x..DZ.(...k.......q.r...?7..T.-<..\.....?.5...D....b.2...Z..8.Wx...]mT.q.\.>^...;...X.&dx...$.3ywu+.w.K.D.D.m,.4............c._^.;...By.c..C....k4.V.0..q...$...gp^..y~..i.q..u:.TP@........d....m.....`LR.*.1....."..>M...I*].uh.....c.`tV.0...\.Q...K....D.....}7.~.....O6...[]..B....(...e....=..E.......Y9.,Q..W..is:^...>..%.....3f..G....!q..WY.q,....i).. ..m|.<......5rgl.(...;.WY.......$..R.f`1.g...%z.u;.;4;.KF..w...6..5......G..h......h.D...s...2....XI.....5..P...3...Ds.r.....c...Gaa.#S.:..}H.......m.\......Xu........+t...u..:.....+i.V..C._.w....+~.S.h..~.)...K$sp....+t.....x.....+t..$..t.....+t..$..t.....+t..$..t.....+t..$..t.....+t..

                                        C:\Users\user\AppData\Roaming\Zoom\zoom_install_src\percussion_pause.pcm

                                        Download File
                                        Process:C:\Users\user\AppData\Roaming\Zoom\ZoomDownload\Installer.exe
                                        File Type:data
                                        Category:dropped
                                        Size (bytes):18276
                                        Entropy (8bit):5.155371011114464
                                        Encrypted:false
                                        SSDEEP:
                                        MD5:FDDC411010D812FB444D70781E253ED7
                                        SHA1:70F75FBB27A50F80E78C1C08485928ED0F05B3D9
                                        SHA-256:E8C8AE4267E1A14352D631418B4FB16D767E3D42AA9528ADB5CF378A219B96F1
                                        SHA-512:155176A313B5534963F1166139403301CDEBC5FFC082D48058975DA4F60E083EF25E21DC262E20F0414AED049B746D630BF668961CA486200C327EBC554C6488
                                        Malicious:false
                                        Reputation:unknown
                                        Preview:#!SILK_V3.....3..S......w.W...+t.. y.......+t...<."...+t..........+t..?G.....+t..?G..7..".:.&.JN..i_H.....e..'.I. .LJ..G9.$"...#.........I.... ... .C-.....u.IEC9y@z..8.JG..7?......%..P..G.N..|.?F....`.....".....w*PT...?`..}A.;|<C^0.../..y.F."........&:...H...i....6h....7-q..2...Ndx.uA.4,....;w.....y...Q...v...f.[....']....."..|.T..`.I.g.......ERhp+.]Pg.|..C.A..c.....9...V}.p.....q.Y.<C....H.....d.fm.tS.r..E,..B;..l....)..`.Z...-Ky.D.<...8D....vf?........F.;.._P..-4...]n.}|?.eiw.H......F..e..I1...{f_...Pp....P6t_k.[)...s......:...U......-]...ai3.....Ba...)..:....<...b35.l...d3..H.&.=K.../....FZ.:....dN...lS.+......j!........J..!..+...w..o9.b.i*l........0. ..$M'....B;...~.....+t..?G......+t...<."...+t..........+t..?G......+t...<."...+t..........+t..?G......+t...<."...+t..........+t..?G......+t...<."...+t..........+t..?G......+t...<."...+t..........+t..?G......+t...<."...+t..........+t..?G...... ./.......hi..MKo....F......O`

                                        C:\Users\user\AppData\Roaming\Zoom\zoom_install_src\record_start.pcm

                                        Download File
                                        Process:C:\Users\user\AppData\Roaming\Zoom\ZoomDownload\Installer.exe
                                        File Type:data
                                        Category:dropped
                                        Size (bytes):4945
                                        Entropy (8bit):7.91621976500927
                                        Encrypted:false
                                        SSDEEP:
                                        MD5:AB8A5F2981E225D3EDAACB520083835A
                                        SHA1:C60C383FDB6850CB5013065576DE87610270FBA7
                                        SHA-256:193C4FFEA3DE04802E97E9E62FCD8533D8CA53E7306BA113A2234959B5262EB4
                                        SHA-512:4381F709C5E9D0172027FD2FE65CE37B0444087D3E9D7864CD54651CDAE6E8429653C02EBB7A55A5DE194CCF0D674F376961B012B088E131A11B7352F1BA69DD
                                        Malicious:false
                                        Reputation:unknown
                                        Preview:#!SILK_V3....4.l..r..j.9b.w.....G9.Kw..BS....\.......GD+.Q..Q....a.p.._...G.Y...?..R..).gI......G.z+...._."..+.`......G9......3....[.l.....G9}L%*...#.9........G9x..J...E.G.ZEC....I..q..:..e..}.'{=...G9..'.. . .9= ..e....O...9.UX#.......F./....,C.f0|..D....`..M....G..-..H.......x]1.Z.B...`R...K.i...A...~G.2.}T...bM.J.4..C.u.Z..<..C....D.I.}....@.."...\.(...x..8e...c.H..U7...#..R.....$O......#e.d.a.7....+..@....>..@w..]...!.=.bL..&.TZ...|k.~"..eV...Q.G..71......4.D.6._D....d.. ...2...pw......{.b...O.6.......N|.H.K...L..^.-w..t.....&..?7...C@...8.r:...@...;.-..n.'k5.:.{..X.y......=..U..^....~V...E.........S/........2LWJ]'.].PC+yJ.............?..0..Wk...&...Zi.'...h..<.7.&..LL.G..^..5~..p..d.2..@.0.....E.[.._.f..$...OZ.Zd......d..I..)YB.P0N.)...~.wH.........!Zgs.|C....-Z...%O....].50...a.^.5....],.(Y.$6#..pO..y....h...H........o.)1L..|..P)..].....+t...A.|.o.}.+..j......e.}1...r..O'....=..@....y.`^.....e.....t-.z...,I.?-[..r.....zwT...A1..e..%YM

                                        C:\Users\user\AppData\Roaming\Zoom\zoom_install_src\record_stop.pcm

                                        Download File
                                        Process:C:\Users\user\AppData\Roaming\Zoom\ZoomDownload\Installer.exe
                                        File Type:data
                                        Category:dropped
                                        Size (bytes):3764
                                        Entropy (8bit):7.903452177919799
                                        Encrypted:false
                                        SSDEEP:
                                        MD5:0001FECB6B6E044D221FBC6A7E22E313
                                        SHA1:C73A6506C92D9A1188AAA793AFBFC1951CD5340A
                                        SHA-256:8CD8B4D3E8447D82DD045C7A3A8F175B97376C3DB5895506CAB0AF6A0075226F
                                        SHA-512:1588169348727306E9C4AB444A7857924BCB88E4DCA2BE8E3526A2227CF117702C47431325DF1C83F71DA34BB35C28D1589EB3F59CFFDDBB3DBBE1D00D8D76DE
                                        Malicious:false
                                        Reputation:unknown
                                        Preview:#!SILK_V3....7).#.z.....z..4s...G9.:..=a.Z90.....I..X..g.;.Q1:..o+....G9..E.....9Y......GD0.\~6.R.;e...-gt....F...y..K..KE......V...G.|Y.dsb..U.....G9.....G...p......G=.../.g@..........Li.x.0.8.......#..;..e.v.o.J..{......5..d.1@.;.;.E..[.OQG._..O.(..#...FE@.n.g]E.D:....:....u."w....?1...7...P......D...#........{.IR..'.ur.....Sd.U...jW..B(>...I..C.9..K@vw.6.. .=...1............v..3.P..W..4.yE.;O...).u....@f2...M..p.....>..e.......K.^0?&.[.......W..h7e$.n.r......|...1c..(....Z.`.4....5..:o..0.2.G.8.;)?..-.+ZEiVV)g..........`F5...Y...~.k=.Ls=...Pu.T........*.?..."...'....k.kk..g&..u9p..^N.hu.;..a.....H...(s8..S...;..F...R......7.B..V.F.E_.<.3........@.....<..y~xQ....!..`...#.a..>..wo@..Y..9K..>y..V|..W7...AD.....U.u=).w.J..m._.w...a@...?.d.v....?.....CHnq....U....F%P.hB..8..T...[$.t....U.59W.A.H^.p9...a.:...^P3.0.zE...........\.*m.b..a.c}|v..op.j..t>&.....A]..D.....M..h.. 3.......\.....G..3..K.!.Y..........g...O.s|.I.zd>..k.A....6.....

                                        C:\Users\user\AppData\Roaming\Zoom\zoom_install_src\reslib.dll

                                        Download File
                                        Process:C:\Users\user\AppData\Roaming\Zoom\ZoomDownload\Installer.exe
                                        File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                        Category:dropped
                                        Size (bytes):56632
                                        Entropy (8bit):6.781002349301988
                                        Encrypted:false
                                        SSDEEP:
                                        MD5:E5A9ED3B615F32C6499949B683A45E72
                                        SHA1:F47FA0FA48D6519CB60D355409A9FDD23A24E841
                                        SHA-256:641C55902C80988EDBFD453BF54E733F7D6443A77CE99DF4FA6102490E5D448B
                                        SHA-512:6CB3EC38265B3B67BE28B3BCB6C93085B7C8666F5ADB26A20A3D46ACFD5512EAF10E6CE2289429C70F56CA788ECDDF1ED22443A3B833847B6E742558CB5ACCE5
                                        Malicious:false
                                        Antivirus:
                                        • Antivirus: ReversingLabs, Detection: 0%
                                        Reputation:unknown
                                        Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$..............,...,...,..,...,...-...,...-...,...-...,...-...,...-...,Y..-...,...,...,Y..-...,Y..-...,Y..,...,...,...,Y..-...,Rich...,........PE..d.....wg.........." .....>...B.......?...............................................(....`A........................................ph......tj..........h.......,....~..8_......X....Y..p............................Z..8............P...............................text...Z=.......>.................. ..`.rdata...+...P...,...B..............@..@.data...P............n..............@....pdata..,............p..............@..@.rsrc...h............v..............@..@.reloc..X............|..............@..B........................................................................................................................................................................................................................................

                                        C:\Users\user\AppData\Roaming\Zoom\zoom_install_src\ring.pcm

                                        Download File
                                        Process:C:\Users\user\AppData\Roaming\Zoom\ZoomDownload\Installer.exe
                                        File Type:data
                                        Category:dropped
                                        Size (bytes):8862
                                        Entropy (8bit):7.929470948304546
                                        Encrypted:false
                                        SSDEEP:
                                        MD5:15F886CBAEE088418B6FFCC29115C64D
                                        SHA1:9147BEAE4E9138BA609F67E75F9CBEA7651CA307
                                        SHA-256:29792A0893ED2457C3872C4418BDD71F5E6C1B8E5894C2C921F8A8F8D797D4DC
                                        SHA-512:E5228897CFFB5E05A7A66471C52089DDB682D544AC3B4AC312804883A2D335B60EDB6236286DBFB6934ED12715709F8FFA09DC7014844ACB89BB1B0E205A2DAA
                                        Malicious:false
                                        Reputation:unknown
                                        Preview:#!SILK_V3.9...(...$l...`I.....I@.....yO......u....?)....Z?XIi...:..t...qF...~..SU.....O.7C]...|.LZ..H..mc.S..W.N.!....9.....H0..R+. &...2......l..%..!..)..+.r.R2*y.U... (..7..qwQ...>i. ........n..@.....1...m.....A.D.e...(-..:.......*....J\..IF.$&...oG.?.d.HK..<#X..Q..".=.%.b...)e.7....R..0.5...Z..R.G.@>..*.\L[...*1.+`&......5. .#.n2..6....lP.[eg9.. ..w.C.x..h.I..{...4..s%..8..y..kz.".5.....U.9b...."H.2...J.:.......U...)8E.C,.P..S..*..9H+7...f-.... .i..."._.._..l.......2 x&...._......<0..t.4...F5..C....a....;-x1s..,...a\.=....n9fK;d.L..:l.4..K........k.%%.....t.m...j..m.......-...5...=um.%.4..C.j...G..#..6...]..y..%..9.`.V..AnD.a.Z.E.}..9..N.Kz.K..b.............../[.L..:X...vy....sT..6......1..\Y..R(...Z.L.1......`+NVD7'.....?w......[._*.3..X....../.:o{&$/..l...h..q......-0....s..WM...q3..TR%Fk....J^ju...(&...@"..o...d$...B..".eJ....?WH.....VA.p.~.u.r'..ZR.....t.l...N$wx.l*.+.}~`.J.L.X.0..j,w......W..|..B.....h...;0.0.l.W

                                        C:\Users\user\AppData\Roaming\Zoom\zoom_install_src\ring_spatial.pcm

                                        Download File
                                        Process:C:\Users\user\AppData\Roaming\Zoom\ZoomDownload\Installer.exe
                                        File Type:data
                                        Category:dropped
                                        Size (bytes):263889
                                        Entropy (8bit):7.995872847179717
                                        Encrypted:true
                                        SSDEEP:
                                        MD5:D60D149441AC263DCB477CC17F29CF35
                                        SHA1:A5F8BB83E31164070B9B904A1AF694F87BE96A33
                                        SHA-256:5358F9D08CA9C8F97C66109CC804D90D2D61C3D18A7C0DA230299CBAAB239B17
                                        SHA-512:AF3CCDF19B7088E491AD98F0E23E448253C87FECAAC9F9434FC49FF201750DFA22E1941A6BAFC0FAA4930E9BD9E2C3A8DB38B4D10EDC999B7034FA760E8D3758
                                        Malicious:false
                                        Reputation:unknown
                                        Preview:#!OPUS_STEREO.....D..J2..anR.p.N[....=.#.`.*.%@.^.4:....1....l... ...^..Q.......J.4....>........=.M....x.3..........F....7|VAc._\..}..`L4I.J......I.....U.........?"...c.#._2v...\..{...[P.........z........h.6...l.e........6|............hO......6......^.k.B.i.m...e..7...2..W.z....'......D3x...g.TR.K.O.6........?. ..,..6mhNB@.h.....s......_..OM.L..,..(..>.f.T.....u.c..D.3.(.X..W.2.~r....G"]..j%..E\M.....nv.Xtr-..{.D.U..k...L ?KwJ...=..9....|\..?.b......D.(8D^.Y.."N.......Y.8L...d'.."...0...cN.[."1..t.."}}%)...^.-..%O.>.Z.A&...F.a$........N.|......d7..X......aW1.....Y?z@Mb..>.1x.P$...w_......or.....E1..Xt..`.BD...^G.|...WRc....LY\W.D].b..Ao........p...O...e.._.....F...C.[.&.z+.xn..N....EV..\..<.'5x...4.".7($.b!B...5....^.k;.\&3...h.m....'6."6.y]r&Ae.Wn..H.."$..h9...#..T.p..s.g=......^....:n.....'.1...*......a.....n..P.C..@Z.~K...q+.x.^9)5..iZ...{.....y..s]=..Bx....V.6q../..w..z.o.....g.....u........8.....0K..A.X..V..+>.Rv.0..

                                        C:\Users\user\AppData\Roaming\Zoom\zoom_install_src\ssb_sdk.dll

                                        Download File
                                        Process:C:\Users\user\AppData\Roaming\Zoom\ZoomDownload\Installer.exe
                                        File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                        Category:dropped
                                        Size (bytes):5129016
                                        Entropy (8bit):6.372814602634369
                                        Encrypted:false
                                        SSDEEP:
                                        MD5:5600F2669D67D2804E22B0627709EDF3
                                        SHA1:268D858CA1DFE59B59723C311AB184DF2A08EB00
                                        SHA-256:5182289F874996AB0A270D3F2E9B3C8894E32AEF6CBE9FCA8AB2E65AB42E4F41
                                        SHA-512:01FC6C32A9D1DAD89810C46967D95CD375908E150081DC417019C9A134D7E1DFE07FE8C58EA06225B0984E5A94230AF4DAEC7061FF718D3A880F0BE81EE852A3
                                        Malicious:false
                                        Antivirus:
                                        • Antivirus: ReversingLabs, Detection: 0%
                                        Reputation:unknown
                                        Preview:MZ......................@................................... ...........!..L.!This program cannot be run in DOS mode....$.........1.K._.K._.K._.B..._._...[.C._...\.O._...Z.U._...^.M._...^.I._...Z.*._...^.O._...^.B._.K.^..._...V.k._..._.J._....J._.K...J._...].J._.RichK._.................PE..d.....wg.........." ......;..~......P!2......................................pN.......N...`A........................................@.F......F.......M.X.....K.`.....M.8_....M......?B.p....................AB.(...p?B.8.............;..............................text.....;.......;................. ..`.rdata...P....;..R....;.............@..@.data........ G.......G.............@....pdata..`.....K.......J.............@..@.rsrc...X.....M......VM.............@..@.reloc........M......\M.............@..B................................................................................................................................................................................................................

                                        C:\Users\user\AppData\Roaming\Zoom\zoom_install_src\tp.dll

                                        Download File
                                        Process:C:\Users\user\AppData\Roaming\Zoom\ZoomDownload\Installer.exe
                                        File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                        Category:dropped
                                        Size (bytes):2000184
                                        Entropy (8bit):6.570144703540625
                                        Encrypted:false
                                        SSDEEP:
                                        MD5:7B9938B587E3BE712724FC31712FDE49
                                        SHA1:2ADC9A75E76A636884D3F72BEE02B6A205AE19E7
                                        SHA-256:EBD921302E6EF8511E5CB876DA6AC3B9AC89461C82213A040D4EEC93E19DA371
                                        SHA-512:DF057832236DE7625E94BA9624732756FB42973FBA279186413C6BD04AB7F296F67CE72CF183EBF6EDB6A8C9D2755003ECEA754224146CE07DFE752BEEC20EDC
                                        Malicious:false
                                        Antivirus:
                                        • Antivirus: ReversingLabs, Detection: 0%
                                        Reputation:unknown
                                        Preview:MZ......................@...................................8...........!..L.!This program cannot be run in DOS mode....$......................l..............................................................................................................h...........Rich...................PE..d.....wg.........." ......................................................................`A........................................p...DE...O.......@..h....p.......&..8_...P... ...p..T....................r..(...@q..8............................................text............................... ..`.rdata..............................@..@.data............l..................@....pdata.......p.......6..............@..@.rsrc...h....@......................@..@.reloc... ...P..."..................@..B........................................................................................................................................................................................

                                        C:\Users\user\AppData\Roaming\Zoom\zoom_install_src\turbojpeg.dll

                                        Download File
                                        Process:C:\Users\user\AppData\Roaming\Zoom\ZoomDownload\Installer.exe
                                        File Type:PE32+ executable (DLL) (console) x86-64, for MS Windows
                                        Category:dropped
                                        Size (bytes):1238840
                                        Entropy (8bit):5.66493926417429
                                        Encrypted:false
                                        SSDEEP:
                                        MD5:32BF4EBDC571D2E515F292EF98B6F416
                                        SHA1:1E2EF8B5391CE3A9F6C707F0BD1C756EF60D55CD
                                        SHA-256:0AA0FBE062014C6A63768F085D0ECD376D199908F9F07056E391D38FD90A64B6
                                        SHA-512:9F3C4C02562BEAC0FCF4D00102C1B1CE4A87DA7AB829F55946F8249BB2BC67F5B062564B0D3A62137A372C8744CFDD491C659837C9FA7919F8A49E805AE67D94
                                        Malicious:false
                                        Antivirus:
                                        • Antivirus: ReversingLabs, Detection: 0%
                                        Reputation:unknown
                                        Preview:MZ......................@................................... ...........!..L.!This program cannot be run in DOS mode....$........9<.XR..XR..XR.. ...XR..-S..XR..7...XR..-W..XR..-V..XR..-Q..XR..3S..XR..XS..XR..XR..XR.S-V..XR.S-R..XR.S-...XR..X..XR.S-P..XR.Rich.XR.........................PE..d....n.f.........." .....z..........`...............................................c.....`A............................................R....t..........i.......HN......8_...........A..8................... I..(... B..8............p...............................text...Dx.......z.................. ..`.rdata...f.......h...~..............@..@.data...............................@....pdata..HW.......X..................@..@.idata..~....p.......D..............@..@.gfids...............V..............@..@.gljmp...............j..............@..@.tls.................l..............@....00cfg..Q............r..............@..@.rsrc...i............t..............@..@.reloc...............~..............@..B........

                                        C:\Users\user\AppData\Roaming\Zoom\zoom_install_src\unmute.pcm

                                        Download File
                                        Process:C:\Users\user\AppData\Roaming\Zoom\ZoomDownload\Installer.exe
                                        File Type:data
                                        Category:dropped
                                        Size (bytes):537
                                        Entropy (8bit):7.576566642691929
                                        Encrypted:false
                                        SSDEEP:
                                        MD5:8CB1D13A418A60762BF3A3EE1AAB96DD
                                        SHA1:F3670AA2EFFD3AE73D67468EC3766181B1C27789
                                        SHA-256:8F045407724DB8EC0E6BB8457CFE09856E80492A47B3AB4A03CD80F3A5F088DB
                                        SHA-512:00657CE557BA08AF58A7F45B14EBFE76CE067EEAC07AD28F2A086CABF48BD78570F9894BA4F8F5BB1AF66EC3867819630AA3550BA73EECB7232C4EAB71B1AB85
                                        Malicious:false
                                        Reputation:unknown
                                        Preview:#!SILK_V3.=..Ff..w-.5..J...m\..gV.Q..n..N,v.y.Id.4...za.=Me..{6..$MG.0.R.~.......0A.....x=..D*.d.c.t.....~.....E.1.M.f.1JW....<.uj.G.*g..)...7_.....b...6...L|<Y..<.;..I'}..-....$...=.....@#.7.(..V...R.x'..D.}...Z....Xf.e.~.f..T.V.*.....L.........O7h......)+.%C../.0..q.....m..$q.U..z.k8.~A..s.~d.k.ot.......&.r.......)F..S4c.%..../..?..t....K...D-....nJE'nP...Yy.,.dl......1..I.}.P.G=}.).87.v hMq...e6....pL.E....x...{.j...S}..D.m...7.....rQ.T.1...<...l.(Nz...P.m.<..hx..J..L..%nj("....n...s..wkr......Pc......

                                        C:\Users\user\AppData\Roaming\Zoom\zoom_install_src\util.dll

                                        Download File
                                        Process:C:\Users\user\AppData\Roaming\Zoom\ZoomDownload\Installer.exe
                                        File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                        Category:dropped
                                        Size (bytes):433464
                                        Entropy (8bit):6.489599600220693
                                        Encrypted:false
                                        SSDEEP:
                                        MD5:AE68AD9D8768436BA92C366EAB9F8309
                                        SHA1:534DEDE127CBDD2A03CD9C53C588F35A1BE986DD
                                        SHA-256:FCC5BF93A2CBB16E83495923E237FF36D89050E9DF20F03FE25774B4AD44E15C
                                        SHA-512:673068D2C49E0EDAB1C39AAD142BFCFAF434D0C468C79C28827B90E24118C9A92ACC7B3372E7A73AFF4DF6A830F94A444A90DEA6F7DF4277D643AA625822DC4C
                                        Malicious:false
                                        Antivirus:
                                        • Antivirus: ReversingLabs, Detection: 0%
                                        Reputation:unknown
                                        Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......Q..............=....G......G......G......G......N...............5.........Q......9..........Rich...........................PE..d....wg.........." .....l...........]...............................................P....`A........................................`o...]......h....`....... ..@2...>..8_...p..p... ...T.......................(.......8............................................text....k.......l.................. ..`.rdata..jk.......l...p..............@..@.data...P,..........................@....pdata..@2... ...4..................@..@.rsrc........`......................@..@.reloc..p....p.......4..............@..B................................................................................................................................................................................................................................

                                        C:\Users\user\AppData\Roaming\Zoom\zoom_install_src\viper.dll

                                        Download File
                                        Process:C:\Users\user\AppData\Roaming\Zoom\ZoomDownload\Installer.exe
                                        File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                        Category:dropped
                                        Size (bytes):3638584
                                        Entropy (8bit):6.936527931489157
                                        Encrypted:false
                                        SSDEEP:
                                        MD5:1ADDEBDCCEC8426D0075F1C5064C9095
                                        SHA1:029CA19CE966F4DE12C97A0CA44578AE723D7448
                                        SHA-256:4C1158408C599D0D8F450CE87F84F46D680E8F6735B018A4C2BAC9D3B83BE5EF
                                        SHA-512:F73C8ADB774611401CF15F0A75342B96D19C0D6BD87C04124A34762267A0059F199A56F42D3878981F6A9811B4520FBF56DF96C7E19B696AF5D9DB81B608F85A
                                        Malicious:false
                                        Antivirus:
                                        • Antivirus: ReversingLabs, Detection: 0%
                                        Reputation:unknown
                                        Preview:MZ......................@...................................@...........!..L.!This program cannot be run in DOS mode....$............S..S..S..)S..S..R..S..GS..S..R..S..R..S..R..S..R..SV..R=.SV..Rc.S..R..S..R..S..R..SV..R..S..S..SV..R*.SV..R..SV.ES..S..-S..SV..R..SRich..S................PE..d.....wg.........." .....B'...................................................9.....L68...`A........................................`)-.|....)-......P9.h.....7.\f...&7.8_...`9. ....R+.p...........................pR+.8............`'..............................text....@'......B'................. ..`.rdata.......`'......F'.............@..@.data....v...`-..F...B-.............@....pdata..\f....7..h....5.............@..@.rsrc...h....P9.......6.............@..@.reloc.. ....`9..0....6.............@..B................................................................................................................................................................................

                                        C:\Users\user\AppData\Roaming\Zoom\zoom_install_src\viper_async_device.dll

                                        Download File
                                        Process:C:\Users\user\AppData\Roaming\Zoom\ZoomDownload\Installer.exe
                                        File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                        Category:dropped
                                        Size (bytes):243000
                                        Entropy (8bit):6.201672499781757
                                        Encrypted:false
                                        SSDEEP:
                                        MD5:2781B71CDB9664279AB2001A93EB238E
                                        SHA1:F86EE2C24070747E26AEEBBE525F5657C78CC9CE
                                        SHA-256:BC82F21268E34378E5855B228F800DB328FB798B0D5A2F9DC3AF885564FFD424
                                        SHA-512:C1C6D775160310B531D4723DF176DB5B49CE190789D2110FAC3D25438B794E125FABFAAADE03547A7AB7FBAB3D89385617D202CC69B66D9DACBE519C107FD30C
                                        Malicious:false
                                        Antivirus:
                                        • Antivirus: ReversingLabs, Detection: 0%
                                        Reputation:unknown
                                        Preview:MZ......................@...................................8...........!..L.!This program cannot be run in DOS mode....$.......Ycc.............Fj......{m.....Ow......Ow......Ow......Ow.......z.......w.......w......Fj......Fj......Fj...............w.......w.......w..............w......Rich....................PE..d.....wg.........." .....x................................................................`A............................................d...t................`..H....V..8_..........4...p.......................(.......8............................................text....v.......x.................. ..`.rdata...............|..............@..@.data...H....@......."..............@....pdata..H....`......................@..@.rsrc................J..............@..@.reloc...............P..............@..B........................................................................................................................................................................................

                                        C:\Users\user\AppData\Roaming\Zoom\zoom_install_src\win10rt.7z

                                        Download File
                                        Process:C:\Users\user\AppData\Roaming\Zoom\ZoomDownload\Installer.exe
                                        File Type:7-zip archive data, version 0.4
                                        Category:dropped
                                        Size (bytes):779346
                                        Entropy (8bit):7.999755381225742
                                        Encrypted:true
                                        SSDEEP:
                                        MD5:0872ACC303153D1BD8085F92E3C4BC7B
                                        SHA1:9C38B1348238F8C3B8528F43203FE0CF0B9AF183
                                        SHA-256:D66A72C3698F819EF306F08276AAEB7BE0F9BCD3CAA02040A2DC448F703368FA
                                        SHA-512:DA7C46E165BF77E962FC72896A9613C7F0C5A6CAD0A96A7F97A4844E448CD93CAD0476B970948ABE88A22163F91A5D2CDC7D1A6BCDFDE8BD80ED70F79E31FED4
                                        Malicious:false
                                        Reputation:unknown
                                        Preview:7z..'..............$.......~....%...].&..p.........../D.|........{...cl..KN......TS;...p....."...gW.....~...~....oF~;..x...;...X...;E..!...>O....E)0.....=.Zq..l..0...$F..F.y:..D.........r>NC......,...s..v.b.5....hN...1.jAix.n.C$,...m.5X..rK..$.w....d.:V....^.._f.}..........)....K......,..g..t7.......-_..,....^.$.F.Y.q4.&`.=.q.j7*0&.t:.MF.'..2+.....e..0.9.t...7...H:('"...>g.)k....2.i.;......G..p.....~.\iB....|.,.'WNs..W`...].6.{..L...*.40.rc...%x...A-.n.Cs~J....n)L...os.Cp.......lB.!.Jx...ja.+D....f...-T,.....h..l>t7..e..`.....{..D.G...x.".."r...).F..t.^..!...06..zP.n|..`.JVd....g.|u.{...{.R...2....j..n....0.....y..W....+....w.=Bd3.A.6.c3..M..x-X..>m..."...W.l}_..."4...V.W..m.T...v.Q....a.!.`..W.e./... ....>.~.iV...s..`.K.M...y0.'R..k~Rb.C+....Y...:D.c..e. ........COFu..B.B"nGr4..j....x..o.=B.@..<V...p..+..5Y..,.(.....s_..R....&r~4."..}..m...t.".<.q...n.Ot.8.oO.!....&..vN\.[A..<.\W..p..d.T.!.,Y.v........p....Ss.w......VJ_.....<j..L.(t.

                                        C:\Users\user\AppData\Roaming\Zoom\zoom_install_src\wr_ding.pcm

                                        Download File
                                        Process:C:\Users\user\AppData\Roaming\Zoom\ZoomDownload\Installer.exe
                                        File Type:data
                                        Category:dropped
                                        Size (bytes):2105
                                        Entropy (8bit):7.877032276962722
                                        Encrypted:false
                                        SSDEEP:
                                        MD5:C9318CC2306BF6B1EE74A5987A8D371A
                                        SHA1:F482D3DE9E8DD7C04344FAB37D067A08233B64DD
                                        SHA-256:58CBAEF9B7177A4E4427CEB303B852463964A5AC4E979055021EED1901FF164C
                                        SHA-512:04CCCA6ED6C13872E8D967A9ECEB7B485C5F0F7442259395773A1EF168FCF317E60E22AD2840579E4D8B849D1606190CF5DCA0E00C2F88CD1891B8206E9A5EC6
                                        Malicious:false
                                        Reputation:unknown
                                        Preview:#!SILK_V3....+t...I..#pC,.."..N..............:....".E.....`v....A.cDmJ..9.......ZH.Q..;........z!.3...h..o..;aNN..I..]~.T...h:...#.)...D.u..?.....u@/|.*.A.u.c.xx.ya..G.?.<S.Wt..[..T..7y<.){...]...s.....=......`...$.G=......mfy.d.!*.z.t.f....I'>...)K..|.>.."...q.<.....!..f.a.G.UN...;.4...b.M.gn.O.hDM.a.N.m..U.s....u.O.._?..J...bDE......M".j6...{S..`S.O"D..8.Zbr).3.]Y....<a...?..H._B....q..W...vw.Y.u.2....td3.x#.c...I..&..n1...7?..-.....c.SO.....Y.H...Z..--.......0...BQh..i5.$).......Q...n...dM_9.4......v....mq...n...@..{.>...78q..0y.j.O.!..x..9..*..D\].7...Q..j.RMH....b@...4.;/L.>......i...K..:|.F..~9....6.s.@..(@......Mv.....O..i..>._7....5.Z+.....d..0@.f..9V.{i^..)H.O..T...9f%(H6..J.*-..;:.....7.l..1.@`.JS....[....K*..gT....Vt....._.v.lUC..A...?....+Hx,.{/3..E..,..'.....@{Q.+H^.*..pM.\o.W.................;..R..om.F...'..a... ......Cp........9,.....:'....:..43$.O.9../..k..-.J.GA.`........q..2#..&A.VG..0zLV#.E...*/..._..;....L.YIx./.Xn.>.*..$3..

                                        C:\Users\user\AppData\Roaming\Zoom\zoom_install_src\zAutoUpdate.dll

                                        Download File
                                        Process:C:\Users\user\AppData\Roaming\Zoom\ZoomDownload\Installer.exe
                                        File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                        Category:dropped
                                        Size (bytes):56632
                                        Entropy (8bit):6.68859392389578
                                        Encrypted:false
                                        SSDEEP:
                                        MD5:BD924E56B5130A6CEDA181EF521020C2
                                        SHA1:2E0966BF79ED58E08DF15C6EA31EFBED4FF3E26C
                                        SHA-256:B2C72EBFB2B7CE3F14873F9B9C365484C1297B3A2B45F504A69317BF6CEC8A35
                                        SHA-512:E0878085EA4867FCA37B1D85EB835EAF22DF2F96957E618A0EA4323F581A5DABD718A86F8735369359D20CFD62C886B5089498B87E8A0CAB7E8F3B9840056DEB
                                        Malicious:false
                                        Antivirus:
                                        • Antivirus: ReversingLabs, Detection: 0%
                                        Reputation:unknown
                                        Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......G.............]....Q.....Q.....Q.....Q.....X..............]................1......Y..........Rich...........PE..d...9.wg.........." .....>...B......0=...............................................:....`A........................................0k..d....k.......................~..8_...........Y..T...........................PZ..8............P...............................text....=.......>.................. ..`.rdata...+...P...,...B..............@..@.data................n..............@....pdata...............p..............@..@.rsrc................v..............@..@.reloc...............|..............@..B........................................................................................................................................................................................................................................

                                        C:\Users\user\AppData\Roaming\Zoom\zoom_install_src\zBusinessUIComponent.dll

                                        Download File
                                        Process:C:\Users\user\AppData\Roaming\Zoom\ZoomDownload\Installer.exe
                                        File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                        Category:dropped
                                        Size (bytes):493880
                                        Entropy (8bit):6.135985911155095
                                        Encrypted:false
                                        SSDEEP:
                                        MD5:F0F220AAC61C4611F5260B9B27098663
                                        SHA1:4402AF70DE24D4970A0FF310CAFD8DF9633AD71D
                                        SHA-256:15A70DA4EE662C9BBB07C338B43252E81C9BA9585BB43C656ED5C305C6CC4113
                                        SHA-512:4CBCBD7051D15F2F611B7CBAB5D0D713E551A137FD7DA00540BEC452E6F06A6F7238E8DE20A69CFBC04490F8D333BD432AD0FC46FE2EA7A436AA193BFE164C4E
                                        Malicious:false
                                        Antivirus:
                                        • Antivirus: ReversingLabs, Detection: 0%
                                        Reputation:unknown
                                        Preview:MZ......................@................................... ...........!..L.!This program cannot be run in DOS mode....$.......L................:.....Z......Z......Z......Z......S......S......S.................-......&............V.......>............Rich....................PE..d....wg.........." .........\......@...............................................g.....`A........................................P...|............@...........2...*..8_...P..("......p.......................(...@...8................ ...........................text...\........................... ..`.rdata..............................@..@.data....7.......,..................@....pdata...2.......4..................@..@.rsrc........@......................@..@.reloc..("...P...$..................@..B................................................................................................................................................................................................................

                                        C:\Users\user\AppData\Roaming\Zoom\zoom_install_src\zChatApp.dll

                                        Download File
                                        Process:C:\Users\user\AppData\Roaming\Zoom\ZoomDownload\Installer.exe
                                        File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                        Category:dropped
                                        Size (bytes):36664
                                        Entropy (8bit):6.984610058175698
                                        Encrypted:false
                                        SSDEEP:
                                        MD5:0D38A3B284F5DBDE2F387E5027B64F01
                                        SHA1:B5A221ABD234E53EEB7471DF366ABFB2068E78D3
                                        SHA-256:B3658778476496858FC53BAE95B0EFF848E20A68CCEE87AB1DB32608A5E91443
                                        SHA-512:89EE138C082C8B8557CC4CB09760BC9457F7A50D1F146E1A8A775FC83BDD3A23AE886E3AFEFF4684E55AF3454F81765757668052321A6E4AE743DD6CA817623F
                                        Malicious:false
                                        Antivirus:
                                        • Antivirus: ReversingLabs, Detection: 0%
                                        Reputation:unknown
                                        Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$............y...y...y.....y...x...y...}...y...z...y...|...y...x...y...x...y.m.p...y.m.....y.....y.m.{...y.Rich..y.........PE..d....wg.........." ........."...............................................p......]y....`A................................................`)..d....P.......@.......0..8_...`..,...x"..T............................"..8............ .. ............................text...l........................... ..`.rdata....... ......................@..@.data........0.......$..............@....pdata.......@.......&..............@..@.rsrc........P.......(..............@..@.reloc..,....`......................@..B........................................................................................................................................................................................................................................................

                                        C:\Users\user\AppData\Roaming\Zoom\zoom_install_src\zChatUI.dll

                                        Download File
                                        Process:C:\Users\user\AppData\Roaming\Zoom\ZoomDownload\Installer.exe
                                        File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                        Category:dropped
                                        Size (bytes):9634616
                                        Entropy (8bit):6.230196412123453
                                        Encrypted:false
                                        SSDEEP:
                                        MD5:8311E864D814D4DF22ADB63653C9C0D6
                                        SHA1:10361E9C7E7BABB6C004ADA3EFDD0C4DC757D87A
                                        SHA-256:BB72AE94A0B2AA3A887212FAABA532C8463AF6E17C33C198112118971E5EFEFE
                                        SHA-512:90F10CCC695C88F08513288576F759E91457CBA072CB3B839DFF3B06D53C023DD98DDF9E13AC329C70AE9A9ABCCCBD2A0372D2AF3EB1D485001E73C7B333B827
                                        Malicious:false
                                        Antivirus:
                                        • Antivirus: ReversingLabs, Detection: 0%
                                        Reputation:unknown
                                        Preview:MZ......................@...................................0...........!..L.!This program cannot be run in DOS mode....$.........B.S.,KS.,KS.,KZ..KA.,K..(J[.,K../JW.,K..)J{.,K..-JU.,K..+JR.,K..(JP.,K..*JR.,K..-JQ.,K..-Jw.,K..-JD.,KS.-K..,K..)JP.,K..%JE.,K..,JR.,K...KR.,KS..KR.,K...JR.,KRichS.,K........PE..d...@.wg.........." .....zc.../......W\..................................................`A............................................T...H..H.......p........l......8_..........@.t.p.....................t.(.....t.8.............c.............................text....yc......zc................. ..`.rdata....&...c...&..~c.............@..@.data....!...`...L...@..............@....pdata...l.......n..................@..@.rsrc...p...........................@..@.reloc..............................@..B................................................................................................................................................................................................

                                        C:\Users\user\AppData\Roaming\Zoom\zoom_install_src\zCommonChat.dll

                                        Download File
                                        Process:C:\Users\user\AppData\Roaming\Zoom\ZoomDownload\Installer.exe
                                        File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                        Category:dropped
                                        Size (bytes):11427128
                                        Entropy (8bit):6.409682051507469
                                        Encrypted:false
                                        SSDEEP:
                                        MD5:2CEB9A985448332E887A94342D80FE6E
                                        SHA1:4F57CB1078F3E667B889B6F1BCCC0D5BA5D0846E
                                        SHA-256:0E96FFC6A6A07FAF129A88707326650752029104700257E27D3CBDE9D5B73887
                                        SHA-512:57E40A7102209446FDF2C887176B2A0A30963820AAC23DC1AEF2307BDBB1C4DDC006712975A30A291FE687A2E696DDDD460EF8C557C2C8AA00631B219BAEEE2A
                                        Malicious:false
                                        Antivirus:
                                        • Antivirus: ReversingLabs, Detection: 0%
                                        Reputation:unknown
                                        Preview:MZ......................@...................................(...........!..L.!This program cannot be run in DOS mode....$.......UY...8...8...8...@|..8..CM...8..CM...8..CM..28..CM...8..JP...8..JP...8..JP..=8...M...8...8...4...M..N9...M...8...M...8...8x..8...M...8..Rich.8..........................PE..d...x.wg.........." ......k...B.....p.c..............................................C....`A...................................................H......p...............8_......,{......p.......................(.......8.............k.@[...........................text...\.k.......k................. ..`.rdata..F.:...k...:...k.............@..@.data........p...H...R..............@....pdata..............................@..@.rsrc...p...........z..............@..@.reloc..,{.......|..................@..B........................................................................................................................................................................................................

                                        C:\Users\user\AppData\Roaming\Zoom\zoom_install_src\zContext.dll

                                        Download File
                                        Process:C:\Users\user\AppData\Roaming\Zoom\ZoomDownload\Installer.exe
                                        File Type:PE32+ executable (DLL) (console) x86-64, for MS Windows
                                        Category:dropped
                                        Size (bytes):51512
                                        Entropy (8bit):6.865840962084237
                                        Encrypted:false
                                        SSDEEP:
                                        MD5:6C5A20333CBE47E3FE81925907E8E4B2
                                        SHA1:19D07A3BEE4351731C50028B2242C60EC2AAD7E4
                                        SHA-256:1269356049926B2A09005EE6A34F53BBF4AAA8A9D52AF10563BCEDE283FD1F7C
                                        SHA-512:0B765FD75BD4BC549FE7AFF7FC47D9B9DE13A1052A88F9B25AF68211C4C7383F8AA8DC218E8D68786D8E27AE8CE5250B23C7C19FD0D7A9B3EAA2150CD0CB4147
                                        Malicious:false
                                        Antivirus:
                                        • Antivirus: ReversingLabs, Detection: 0%
                                        Reputation:unknown
                                        Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........9.T]Xn.]Xn.]Xn.T ..YXn..-k.OXn..-j.UXn..-m.^Xn..-o.ZXn.;7.._Xn..0o._Xn.]Xo.eXn..-g._Xn..-n.\Xn..-..\Xn.]X..\Xn..-l.\Xn.Rich]Xn.................PE..d.....Xg.........." .....4...8.......6...............................................-....`A........................................@b.......j..........X.......h....j..8_......T....V..8...........................@V..8............P...............................text....3.......4.................. ..`.rdata...!...P..."...8..............@..@.data...H............Z..............@....pdata..h............\..............@..@.rsrc...X............b..............@..@.reloc..T............h..............@..B................................................................................................................................................................................................................................

                                        C:\Users\user\AppData\Roaming\Zoom\zoom_install_src\zCrashReport64.dll

                                        Download File
                                        Process:C:\Users\user\AppData\Roaming\Zoom\ZoomDownload\Installer.exe
                                        File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                        Category:dropped
                                        Size (bytes):259896
                                        Entropy (8bit):6.3746964822992105
                                        Encrypted:false
                                        SSDEEP:
                                        MD5:D3F611440FB59CEDA06DCE22780881A6
                                        SHA1:DB0805776AD3C3A5B54103EA32CE386BF91A4152
                                        SHA-256:6042A424AA58BEAA269068A601AEA407B9B17D427866F4D5282BA560088358CD
                                        SHA-512:8DDE595D32EEE01052D2A20DD54FAF09129A8A0109F3E237D2770E7A998F9C55C1272801E2DC5F7B2FC237D526223AF404D8AFE38A7C54552EA2ABAEE13E724F
                                        Malicious:false
                                        Antivirus:
                                        • Antivirus: ReversingLabs, Detection: 0%
                                        Reputation:unknown
                                        Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......WB.1.#.b.#.b.#.bHK.c.#.bHK.c.#.bHK.c.#.bHK.c.#.bAV.c"#.bAV.c.#.bAV.c.#.bHK.c.#.b.#.b.#.b.V.c.#.b.V.c.#.b.V.b.#.b.#eb.#.b.V.c.#.bRich.#.b........PE..d...LbYg.........." .....F...b......................................................`.....`A........................................PD.......G..................8.......8_......,...0...T.......................(.......8............`..P............................text....D.......F.................. ..`.rdata.......`.......J..............@..@.data...T%...`.......D..............@....pdata..8........ ...V..............@..@_RDATA...............v..............@..@.PROPSEC ............x..............@....rsrc...............................@..@.reloc..,...........................@..B................................................................................................................................................

                                        C:\Users\user\AppData\Roaming\Zoom\zoom_install_src\zCrashReport64.exe

                                        Download File
                                        Process:C:\Users\user\AppData\Roaming\Zoom\ZoomDownload\Installer.exe
                                        File Type:PE32+ executable (GUI) x86-64, for MS Windows
                                        Category:dropped
                                        Size (bytes):261432
                                        Entropy (8bit):6.086818693004693
                                        Encrypted:false
                                        SSDEEP:
                                        MD5:BEA2045155D0C7D433CD8BC1D7A30F9C
                                        SHA1:B51B5153F86ED76D15F79C4AD1197B3AD4E0878F
                                        SHA-256:2561E58DBA9AC98A56A48D9B094D9B1715290255B0C16B31292D25F94BE1A462
                                        SHA-512:648F09D3F5A3D0806EF5363E870F5F26C05ADB560028AFCC2F0F35031D8B22CA9632F7D3F64584968706E05545A96D84F931EA2FD92A56A7548AC7E7A78952BC
                                        Malicious:false
                                        Antivirus:
                                        • Antivirus: ReversingLabs, Detection: 0%
                                        Reputation:unknown
                                        Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......D=^U.\0..\0..\0..$...\0.[46..\0.R)1..\0.R)5.*\0.R)4..\0.R)3..\0.[44..\0.[41..\0..\1..]0..)8..\0..)...\0..\...\0..)2..\0.Rich.\0.................PE..d....aYg..........".................`..........@.....................................1....`..................................................2...........K...`..........8_..............T.......................(.......8...............(............................text............................... ..`.rdata.............................@..@.data...@....P.......2..............@....pdata.......`.......8..............@..@.rsrc....K.......L...N..............@..@.reloc..............................@..B................................................................................................................................................................................................................................

                                        C:\Users\user\AppData\Roaming\Zoom\zoom_install_src\zData.dll

                                        Download File
                                        Process:C:\Users\user\AppData\Roaming\Zoom\ZoomDownload\Installer.exe
                                        File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                        Category:dropped
                                        Size (bytes):3472184
                                        Entropy (8bit):6.40719961919236
                                        Encrypted:false
                                        SSDEEP:
                                        MD5:87D2C45A205D2C4EB82E2D325F43A7D2
                                        SHA1:3549A18FE07B9DA40AA35F31F4A3F01091570887
                                        SHA-256:873CA3D63613531EFF264802BE2CFB7EFAC77CAF6FF6B9C8F16F788F09607ACC
                                        SHA-512:6A3A4608C189C48AC2DE969ECB049798704449AA29654E2E421D84F0E65E0EA88F65FFB1A458332AC271B0565F66A2FF99CE03FC092C8842537B0C56E9BE6CEC
                                        Malicious:false
                                        Antivirus:
                                        • Antivirus: ReversingLabs, Detection: 0%
                                        Reputation:unknown
                                        Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......&.jdb..7b..7b..7k.7r..70..6j..70..6f..70..6x..70..6d..79..6d..7...6`..7...6i..7b..7...7...6...7...6c..7...7c..7b..7c..7...6c..7Richb..7................PE..d...+.wg.........." ......&..........$.......................................4.......5...`A.........................................1.....t.1.......4.h.... 3..m....4.8_....4.l@..pj-.p....................l-.(....j-.8.............'..............................text...K.&.......&................. ..`.rdata........'..0....&.............@..@.data...X....02...... 2.............@....pdata...m... 3..n....2.............@..@.rsrc...h.....4......T4.............@..@.reloc..l@....4..B...Z4.............@..B........................................................................................................................................................................................................................

                                        C:\Users\user\AppData\Roaming\Zoom\zoom_install_src\zEventTracker.dll

                                        Download File
                                        Process:C:\Users\user\AppData\Roaming\Zoom\ZoomDownload\Installer.exe
                                        File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                        Category:dropped
                                        Size (bytes):218936
                                        Entropy (8bit):6.483600386569731
                                        Encrypted:false
                                        SSDEEP:
                                        MD5:A50EA325D741FFDDE84429A4F42D1235
                                        SHA1:977C6621A68CF26D6AFEACB01FE8ECB56C9B0B12
                                        SHA-256:F52AD87F80E4E2BBA4751F9FF2325480DE51ECA759F78A280FB711430F6B56F2
                                        SHA-512:DF4C4847AD2B91C73EFDF58720BAA535DFD9687B6181675D53FC6419CB808DDD524582C7799310E9EDC82DE1336641BCA47BAAD763C3B3488C2405B144458916
                                        Malicious:false
                                        Antivirus:
                                        • Antivirus: ReversingLabs, Detection: 0%
                                        Reputation:unknown
                                        Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........%+.ADEDADEDADEDH<.DEDED.1@EUDED.1AEIDED.1FEBDED.1DEGDED.,DECDED.1DEFDEDADDD.DED.1LEFDED.1EE@DED.1.D@DEDAD.D@DED.1GE@DEDRichADED................PE..d.....wg.........." .....L...........7.......................................0............`A........................................p...................h.......4.......8_... ......xt..p....................v..(....t..8............`...............................text....J.......L.................. ..`.rdata..,....`.......P..............@..@.data...............................@....pdata..4...........................@..@.rsrc...h...........................@..@.reloc....... ......................@..B................................................................................................................................................................................................................................

                                        C:\Users\user\AppData\Roaming\Zoom\zoom_install_src\zKBCrypto.dll

                                        Download File
                                        Process:C:\Users\user\AppData\Roaming\Zoom\ZoomDownload\Installer.exe
                                        File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                        Category:dropped
                                        Size (bytes):3233592
                                        Entropy (8bit):6.517081567011333
                                        Encrypted:false
                                        SSDEEP:
                                        MD5:40EDE3CE27584306D35A8EDC815D1F50
                                        SHA1:9EA543C533CF0BF68B560F475CC2A0F2B68CC0F0
                                        SHA-256:943324BB52F61DD97D9E051180AFEDB2DF6E9AB1BF1B863CE860C265E9DFC849
                                        SHA-512:F008309DB8E7992AF39051D07D0A4805F92D5FDC473FEECAAD21B4CCDA6DF68285F5654A0C0B77A10DB50D5BA9F05C86E2884E041D3D97584F1F1FD5CBC83674
                                        Malicious:false
                                        Antivirus:
                                        • Antivirus: ReversingLabs, Detection: 0%
                                        Reputation:unknown
                                        Preview:MZ......................@...................................@...........!..L.!This program cannot be run in DOS mode....$......................................................p....................................................K.................r..........Rich...........................PE..d.....wg.........." .....2#..,........ .......................................1.....K.1...`A.........................................3-.`...`3-......@1......./.T.....0.8_...P1..C...r(.T....................t(.(... s(.8............P#.0............................text...l0#......2#................. ..`.rdata..&M...P#..N...6#.............@..@.data.........-.......-.............@....pdata..T...../......./.............@..@.rsrc........@1.......0.............@..@.reloc...C...P1..D....0.............@..B................................................................................................................................................................................

                                        C:\Users\user\AppData\Roaming\Zoom\zoom_install_src\zLooper.dll

                                        Download File
                                        Process:C:\Users\user\AppData\Roaming\Zoom\ZoomDownload\Installer.exe
                                        File Type:PE32+ executable (DLL) (console) x86-64, for MS Windows
                                        Category:dropped
                                        Size (bytes):65848
                                        Entropy (8bit):6.641197828874605
                                        Encrypted:false
                                        SSDEEP:
                                        MD5:6D6FD79ED931E47B29D18C07F8C0FEEF
                                        SHA1:D924BF2FE7C8889CB17A3404B5A0D0D09CA3DD4E
                                        SHA-256:C95C1BDAD13BCE68FE3DE719E09F5CEAEA9AC19908CD0D8D17EC1AD3A1A8EB85
                                        SHA-512:512989B805983B6AEE2C77AECB06923A11835E18A05A7B0922465CBD9BF1591179F8E09F18672CFD7523DDE08603198171B7815678715525D464FE81214939A6
                                        Malicious:false
                                        Antivirus:
                                        • Antivirus: ReversingLabs, Detection: 0%
                                        Reputation:unknown
                                        Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$............h...h...h....p..h......h......h......h......h.......h...h..h.."....h.."....h.."....h...ht..h.."....h..Rich.h..........................PE..d.....Yg.........." .....L...X......0L...............................................N....`A...........................................................X...............8_...........k..T....................m..(...0l..8............`..`............................text...hK.......L.................. ..`.rdata...;...`...<...P..............@..@.data...............................@....pdata..............................@..@.rsrc...X...........................@..@.reloc..............................@..B................................................................................................................................................................................................................................

                                        C:\Users\user\AppData\Roaming\Zoom\zoom_install_src\zMailRes.dll

                                        Download File
                                        Process:C:\Users\user\AppData\Roaming\Zoom\ZoomDownload\Installer.exe
                                        File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                        Category:dropped
                                        Size (bytes):4939064
                                        Entropy (8bit):7.995932820820818
                                        Encrypted:true
                                        SSDEEP:
                                        MD5:98B65B6412A9817003B911ED4C71BD8F
                                        SHA1:0484BF9A9279195C6BB3535747ECEA853B8AA849
                                        SHA-256:4EB0FE7F954A6C7E59CB65CBAEB7CADD2DF3299DF15DED6D260D81B82FB64F02
                                        SHA-512:E9EEA609778AAC2D27294289ADC257E97F3378DD0D5956A1DBA9EA3E22E5219B4426DBA7621073796A5D9FBA3C8046925C10C964C4CFD777CC66CC54A8AD3ED1
                                        Malicious:false
                                        Antivirus:
                                        • Antivirus: ReversingLabs, Detection: 0%
                                        Reputation:unknown
                                        Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$...........L...L...L...E.:.N.....O.....E.....D.....O.....N...L...m.....O.....V.M...L.>.M.....M...RichL...................PE..d....wg.........." ..........J.....`........................................@K.....Q.K...`A.................................................(..P....P....J..@........J.8_...0K.(....!..p............................"..8............ ...............................text............................... ..`.rdata....... ......................@..@.data...H....0......................@....pdata.......@....... ..............@..@.rsrc.....J..P....J.."..............@..@.reloc..(....0K.......J.............@..B................................................................................................................................................................................................................................................

                                        C:\Users\user\AppData\Roaming\Zoom\zoom_install_src\zMailUI.dll

                                        Download File
                                        Process:C:\Users\user\AppData\Roaming\Zoom\ZoomDownload\Installer.exe
                                        File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                        Category:dropped
                                        Size (bytes):1082168
                                        Entropy (8bit):6.452669598905568
                                        Encrypted:false
                                        SSDEEP:
                                        MD5:6310EB420DAA326AB83E423D17B06FCB
                                        SHA1:68FC2FC6DF19F267C52D4037C0D75298D5C68B87
                                        SHA-256:1449B3E3A7339FBFBEB259570EF144FCF0FA2FCA8DB6DA412FDBE69C2DCB1A2C
                                        SHA-512:6B898D714738C8DFA710350D617A30D5B09623E5A715968EEBC4BFB88F16F5BEA832B97228CBB351AE7695E6B37389B8D04F313A1D7DC5D350B4088FF9DB439C
                                        Malicious:false
                                        Antivirus:
                                        • Antivirus: ReversingLabs, Detection: 0%
                                        Reputation:unknown
                                        Preview:MZ......................@...................................(...........!..L.!This program cannot be run in DOS mode....$.........!U;.O.;.O.;.O.2...7.O.i.K.3.O.i.L.?.O.i.J.&.O.i.N.=.O.`.K.8.O.`.I.:.O.`.N.'.O...G.?.O...N.<.O.;.N..O...J./.O...O.:.O....:.O.;...:.O...M.:.O.Rich;.O.................PE..d....wg.........." .................s....................................................`A............................................t...4...........p............$..8_..........0...T.......................(.......8............................................text............................... ..`.rdata..............................@..@.data...(....p.......T..............@....pdata...............r..............@..@.rsrc...p...........................@..@.reloc..............................@..B........................................................................................................................................................................................................

                                        C:\Users\user\AppData\Roaming\Zoom\zoom_install_src\zMeshNetAgent.dll

                                        Download File
                                        Process:C:\Users\user\AppData\Roaming\Zoom\ZoomDownload\Installer.exe
                                        File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                        Category:dropped
                                        Size (bytes):494904
                                        Entropy (8bit):6.408523273186528
                                        Encrypted:false
                                        SSDEEP:
                                        MD5:2F2F41D271A11F6383F62DEDDCFDD309
                                        SHA1:54F7EB186D2A649CF3FB55F0A002321E663CE451
                                        SHA-256:AE1E4682A9DBFB9DADCEC926EF1D1FB27461D1FC793EAF286B3A6ECB243D3BD6
                                        SHA-512:43165A7296E03D201BF2A940E9B7245994FEA13DBD6655B869071CDA81983AB89FD0E5BF54201382F4E53558B62365BBBB538C2D583207C330F11127C8982E5D
                                        Malicious:false
                                        Antivirus:
                                        • Antivirus: ReversingLabs, Detection: 0%
                                        Reputation:unknown
                                        Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......0..t..Mt..Mt..M}.kMx..M&..L|..M&..Lp..M&..Lh..M&..Lr..M/..L`..M...Ly..Mt..M..M...Lz..M...Lu..M...Mu..Mt.oMu..M...Lu..MRicht..M........PE..d....wg.........." .....V...........$.......................................p............`A.........................................................P....... ..t+......8_...`..........T.......................(.......8............p..P............................text....T.......V.................. ..`.rdata...]...p...^...Z..............@..@.data....C.......<..................@....pdata..t+... ...,..................@..@.rsrc........P....... ..............@..@.reloc.......`.......&..............@..B........................................................................................................................................................................................................................................

                                        C:\Users\user\AppData\Roaming\Zoom\zoom_install_src\zMsgApp.dll

                                        Download File
                                        Process:C:\Users\user\AppData\Roaming\Zoom\ZoomDownload\Installer.exe
                                        File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                        Category:dropped
                                        Size (bytes):321336
                                        Entropy (8bit):6.183452351691843
                                        Encrypted:false
                                        SSDEEP:
                                        MD5:94102516E0B5BD602A6E86C28C914E0A
                                        SHA1:0DF021E36EAE8CBCDEC3871D3A8ED74040C35077
                                        SHA-256:0D05899AAC494659ABCC5437B3AB9DBF37F89C1D96319A7859B9562CB8F83CAC
                                        SHA-512:B5A4F6E20695061547D10EAE9EE084DDD45EEAF86A9BABC7BCE64F2B0FB011FAA1D92F0B2746FB594FEE962BE78C157F6E4B597235C641A523E7A9D04071AE8A
                                        Malicious:false
                                        Antivirus:
                                        • Antivirus: ReversingLabs, Detection: 0%
                                        Reputation:unknown
                                        Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$..........^......................{.......|.......~.......z.......{.......y.......~.....d.~.......~.4...d.v.....d.......d..............d.}.....Rich............PE..d...".wg.........." ................................................................\.....`A............................................`.......h............p...%......8_.......$.. ...T.......................(.......8............................................text............................... ..`.rdata...c.......d..................@..@.data...@-...@.......&..............@....pdata...%...p...&...6..............@..@.rsrc................\..............@..@.reloc...$.......&...b..............@..B........................................................................................................................................................................................................................

                                        C:\Users\user\AppData\Roaming\Zoom\zoom_install_src\zMsgAppCommon.dll

                                        Download File
                                        Process:C:\Users\user\AppData\Roaming\Zoom\ZoomDownload\Installer.exe
                                        File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                        Category:dropped
                                        Size (bytes):9349432
                                        Entropy (8bit):6.38102137992754
                                        Encrypted:false
                                        SSDEEP:
                                        MD5:680C92347B014B5079B931C4DD9CCB93
                                        SHA1:9839C8B9D10C0E202D796BED4B85BD9AE55BA68F
                                        SHA-256:8EAE45694FA3DDA1AACC7D7F89C1A8C170A98D431DAADAC720A5526E22F60DBF
                                        SHA-512:65E1924061613D24128133E1F9B7F88E6D910D6F2E61A6484A6CB544AEC7605820E4F351BCDAA6401C2E6A5ED99F39C577C0B909C993601FE33B413EAE6DC6D6
                                        Malicious:false
                                        Antivirus:
                                        • Antivirus: ReversingLabs, Detection: 0%
                                        Reputation:unknown
                                        Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$..........}.............[......../......./......./......./......./......./.............../;....../......7......._......../....Rich............PE..d....wg.........." ......p......... .m.............................................e.....`A........................................._..0...@k.......@..........b...J..8_...P.......Fx.T....................Hx.(...`Fx.8.............p. ............................text....p.......p................. ..`.rdata...1....p..2....p.............@..@.data...........D.................@....pdata...b......d...2..............@..@.rsrc........@......................@..@.reloc.......P......................@..B........................................................................................................................................................................................................................................

                                        C:\Users\user\AppData\Roaming\Zoom\zoom_install_src\zNet.dll

                                        Download File
                                        Process:C:\Users\user\AppData\Roaming\Zoom\ZoomDownload\Installer.exe
                                        File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                        Category:dropped
                                        Size (bytes):2003768
                                        Entropy (8bit):6.584840561725084
                                        Encrypted:false
                                        SSDEEP:
                                        MD5:A7B5373CD9A7E164728E2B4FAF4D28AD
                                        SHA1:F0AEF8464D56A860A1074C7BD710952F8C1F6E45
                                        SHA-256:A46200CDE0BDF73D1401FFFD9185509183E8E88D816FFC2B038C04F0D24FA44D
                                        SHA-512:02F0F8EB73D087AA236B1483712737CD5D5D5589D238939D6B5CEA95527F5477071AAAEEB15D024326C49C170BA797269729B846F6480C5BDB70F9EE8361EDA6
                                        Malicious:false
                                        Antivirus:
                                        • Antivirus: ReversingLabs, Detection: 0%
                                        Reputation:unknown
                                        Preview:MZ......................@...................................8...........!..L.!This program cannot be run in DOS mode....$.......]......................K......K......K......K........a.....B.......................F..........B........................N............c....................Rich............PE..d.....wg.........." .........N......................................................c-....`A...............................................p1..l....p..h.......\....4..8_...........5..p....................8..(...P6..8............ ..."...........................text............................... ..`.rdata....... ......................@..@.data............n..................@....pdata..\............@..............@..@.rsrc...h....p......................@..@.reloc..............................@..B........................................................................................................................................................................................

                                        C:\Users\user\AppData\Roaming\Zoom\zoom_install_src\zNetUtils.dll

                                        Download File
                                        Process:C:\Users\user\AppData\Roaming\Zoom\ZoomDownload\Installer.exe
                                        File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                        Category:dropped
                                        Size (bytes):602424
                                        Entropy (8bit):6.545617652166082
                                        Encrypted:false
                                        SSDEEP:
                                        MD5:A3E1C1FE18A069B96CC91D52934D6E7D
                                        SHA1:F445CBB3410827639E9146FF7425FECF49E1C086
                                        SHA-256:D15C9D93F29E0A41191759E2F68CA8B6FE08CD6E64A41A30102973F34FE507D4
                                        SHA-512:830297D75D4CA2CECE8AB0FAE406B97EE29A0984F9AFEC75B996B039E99CCDA4EEEE0BD5E0DC66EF4729CC32B17B7C8B44CECA576404E5F9FBC23F5E244021DA
                                        Malicious:false
                                        Antivirus:
                                        • Antivirus: ReversingLabs, Detection: 0%
                                        Reputation:unknown
                                        Preview:MZ......................@...................................(...........!..L.!This program cannot be run in DOS mode....$.........<#..Rp..Rp..Rp...p..Rp..p..Rp..Vq..Rp..Qq..Rp..Sq..Rp..Wq..Rpi.Vq..Rp..Sq..Rpi.Sq..Rpn.Sq..Rp..SpV.Rpn.[q..Rpn.Rq..Rpn.p..Rp...p..Rpn.Pq..RpRich..Rp................PE..d...L.wg.........." ......................................................... ......M.....`A........................................ ...0!..P...........h........T......8_..........@L..p....................N..(....L..8............................................text............................... ..`.rdata...[.......\..................@..@.data...0#...p.......X..............@....pdata...T.......V...n..............@..@.rsrc...h...........................@..@.reloc..............................@..B........................................................................................................................................................................................................

                                        C:\Users\user\AppData\Roaming\Zoom\zoom_install_src\zOutlookIMUtil.dll

                                        Download File
                                        Process:C:\Users\user\AppData\Roaming\Zoom\ZoomDownload\Installer.exe
                                        File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                        Category:dropped
                                        Size (bytes):493880
                                        Entropy (8bit):5.4162580999648275
                                        Encrypted:false
                                        SSDEEP:
                                        MD5:B6506CF1443667BEE48E8F27C510EA45
                                        SHA1:FC9219473B0495FC035251A185D89FEF1F997928
                                        SHA-256:B2AB7AA09A1AD3C6D426974E634359F8A6D102AFBCA028355E1F0DD73A6DDAEB
                                        SHA-512:8D671FE631AD8368C1C78BBA43978F0D0C201EAC7455652020692491C094618E366226CD1C8488D0B2009D4D43496C0F9694A3E3F986C152FD273467E30E1E4B
                                        Malicious:false
                                        Reputation:unknown
                                        Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......'.u.c..Ic..Ic..Ij..Ie..I1..Hg..I1..Hk..I1..Ha..I1..H{..I...Ha..I...Hg..I...Hh..Ic..I>..I...H`..I...Hb..I...Hb..I...Ib..Ic.Ib..I...Hb..IRichc..I........PE..d....wg.........." .....^...........d.......................................`............`A........................................P...........................0....*..8_...P.......|..T...........................@}..8............p...............................text....].......^.................. ..`.rdata...-...p.......b..............@..@.data...P...........................@....pdata..0...........................@..@.rsrc...............................@..@.reloc.......P.......(..............@..B........................................................................................................................................................................................................................

                                        C:\Users\user\AppData\Roaming\Zoom\zoom_install_src\zPSApp.dll

                                        Download File
                                        Process:C:\Users\user\AppData\Roaming\Zoom\ZoomDownload\Installer.exe
                                        File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                        Category:dropped
                                        Size (bytes):924984
                                        Entropy (8bit):6.159378100804242
                                        Encrypted:false
                                        SSDEEP:
                                        MD5:43B9CFDAB355FD65F3E48C85ABF8D650
                                        SHA1:0F2B66E58929B5C9F7E8294BA78B8D35D67F3399
                                        SHA-256:0D2B04D51EC8DE0C2F2C55559CEA66FEF5EEA964D7EB6C760F56137617773B59
                                        SHA-512:2350239DFE11794CC67008551B0641BB41D412D56C93F6AA13B864F9B03391BC46D3E631F341CDC94F205EC722FE1433BA06D9398E74691C61D9B887E9E5E785
                                        Malicious:false
                                        Reputation:unknown
                                        Preview:MZ......................@................................... ...........!..L.!This program cannot be run in DOS mode....$.........#$H.MwH.MwH.MwA..wD.Mw..Iv@.Mw..NvL.Mw..HvT.Mw..LvN.Mw..KvI.Mw..Lv\.Mw..LvE.MwH.Lw..Mw..Dv/.Mw..MvI.Mw...wI.MwH..wI.Mw..OvI.MwRichH.Mw........................PE..d.....wg.........." ................................................................?7....`A........................................P4......05..h............@...s......8_......`5......T.......................(...p...8............................................text............................... ..`.rdata..............................@..@.data....~.......t..................@....pdata...s...@...t..................@..@.rsrc...............................@..@.reloc..`5.......6..................@..B................................................................................................................................................................................................................

                                        C:\Users\user\AppData\Roaming\Zoom\zoom_install_src\zPTApp.dll

                                        Download File
                                        Process:C:\Users\user\AppData\Roaming\Zoom\ZoomDownload\Installer.exe
                                        File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                        Category:dropped
                                        Size (bytes):5992248
                                        Entropy (8bit):6.38379747599736
                                        Encrypted:false
                                        SSDEEP:
                                        MD5:69CAB84125086080ADBF29BF1EA2AFCB
                                        SHA1:352C0071927CC55087A1248B634B6C2CA0A7F9D5
                                        SHA-256:716571525F9399412931BF0020F4E04DE922C6EBD0A6B36F87D1EE0DA3DA8966
                                        SHA-512:F904EFAE72E9D0CEF4BFD939DDF6F378B0B3121FC405A993FC3BA7C8A8C991BA31EDD3C2AC01AAF4C168E67BF618BA5355D6BEC4ABD482C93268616A664238C9
                                        Malicious:false
                                        Reputation:unknown
                                        Preview:MZ......................@...................................0...........!..L.!This program cannot be run in DOS mode....$........ .<.A.o.A.o.A.o.9.o.A.o.4.n.A.o.4.n.A.o.4.n.A.o..`o.A.o.4.n.A.o.).n.A.o.).n.A.o.4.n.A.o.4.n.A.o.).n.A.o.4.n.A.o.A.o4J.o.4.n.@.o.4.n.A.o.4bo.A.o.A.o.A.o.4.n.A.oRich.A.o........PE..d....wg.........." ......A..........>.......................................\.......[...`A.........................................0S......2S.......\......PY......[.8_....\.(.....I.T.....................I.(...@.I.8.............A..O...........................text...;.A.......A................. ..`.rdata...+....A..,....A.............@..@.data....s....U.......U.............@....pdata......PY.......W.............@..@.rsrc.........\......ZZ.............@..@.reloc..(.....\......`Z.............@..B................................................................................................................................................................................................

                                        C:\Users\user\AppData\Roaming\Zoom\zoom_install_src\zTscoder.exe

                                        Download File
                                        Process:C:\Users\user\AppData\Roaming\Zoom\ZoomDownload\Installer.exe
                                        File Type:PE32+ executable (GUI) x86-64, for MS Windows
                                        Category:dropped
                                        Size (bytes):445752
                                        Entropy (8bit):6.278849047191474
                                        Encrypted:false
                                        SSDEEP:
                                        MD5:95F5BF34C8F32AA165EED7DDDD0C2FD9
                                        SHA1:E68E6371857CE78C33877828773E6C577405C43C
                                        SHA-256:628D5EB457E47651FC56A85FB6A5B612BB36D804EBFBA0712405D636F52DE7B7
                                        SHA-512:0F258826DD8D333E0443612766A279B1CA94D659A0CA9FBBB0FD67B2EBE938206347D389C2B8E164B379207644F8F1F105645791C38E386DBD0517D4A1752C59
                                        Malicious:false
                                        Reputation:unknown
                                        Preview:MZ......................@................................... ...........!..L.!This program cannot be run in DOS mode....$........`...........y[.....t.....t.....t.....t.....i.....i.....i....Wt....Pt..........Pt.....Pt7......_....Pt....Rich...................PE..d...].wg.........."......"...P.................@....................................YN....`.................................................p...X.......(.......$....n..8_.............p.......................(...P...8............@..p............................text...| .......".................. ..`.rdata... ...@..."...&..............@..@.data....]...p...V...H..............@....pdata..$...........................@..@.rsrc...(...........................@..@.reloc...............f..............@..B................................................................................................................................................................................................................

                                        C:\Users\user\AppData\Roaming\Zoom\zoom_install_src\zUIRes.dll

                                        Download File
                                        Process:C:\Users\user\AppData\Roaming\Zoom\ZoomDownload\Installer.exe
                                        File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                        Category:dropped
                                        Size (bytes):57144
                                        Entropy (8bit):6.834608830730286
                                        Encrypted:false
                                        SSDEEP:
                                        MD5:C3FEA10CA82B1DDC7FF94D1A34BC0BC0
                                        SHA1:53E5AE191D0501EE80D9A1FC4C129C8BA5A86528
                                        SHA-256:AEE4EB658808D8D5D624DA57D3269B63F8C2F34C1B2AA5CC8B241CA46797CE8C
                                        SHA-512:55316AE852C60487DA12EA4777A8FB5E2CD7A534A82C3AFDA7DD8CC710D62DC40A423A3B1EA9B6BEBACE227130E9EC176FE44DDD9BC8B3DA7C0049B7660E9E60
                                        Malicious:false
                                        Reputation:unknown
                                        Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......p..K4.r.4.r.4.r.=...2.r.f.w.%.r.f.v.<.r.f.q.7.r.f.s.2.r.o.s.6.r...s.1.r.4.s.j.r...{.7.r...r.5.r.....5.r.4...5.r...p.5.r.Rich4.r.........................PE..d.....wg.........." .....F...<.......J..............................................+.....`A.........................................v.......x..........h...............8_...........e..T............................e..8............`...............................text....E.......F.................. ..`.rdata...%...`...&...J..............@..@.data................p..............@....pdata...............r..............@..@.rsrc...h............x..............@..@.reloc...............~..............@..B........................................................................................................................................................................................................................

                                        C:\Users\user\AppData\Roaming\Zoom\zoom_install_src\zUnifyWebView.dll

                                        Download File
                                        Process:C:\Users\user\AppData\Roaming\Zoom\ZoomDownload\Installer.exe
                                        File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                        Category:dropped
                                        Size (bytes):834360
                                        Entropy (8bit):6.2912570949160695
                                        Encrypted:false
                                        SSDEEP:
                                        MD5:4DD3AA44E85C9349F62E553D165ADFA8
                                        SHA1:2804A40C54D4EA17143D8C03AC7F9EB962F082E4
                                        SHA-256:C3994652B981F0936DAC06F98B1CF683838051185AD8BDB68BC85F3166A27BD0
                                        SHA-512:1E50CB6610E74FF3014982058131FC41B3FA5E4A392A4493821250F4C5AF7CEE2D2C1FA9CE8FFE72DE4CD54B142CCD987B216912513078CE8DE2FBC3A64F3884
                                        Malicious:false
                                        Reputation:unknown
                                        Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......P..G..............u.....F.......F.......F.......F.......O.......O.......O.........................U...................q............Rich............PE..d.....wg.........." ................0.....................................................`A........................................ ...........X............ .. [...\..8_......4...PA..p....................C..(....A..8............................................text............................... ..`.rdata..............................@..@.data....].......J..................@....pdata.. [... ...\..................@..@.rsrc................F..............@..@.reloc..4............L..............@..B........................................................................................................................................................................................................................

                                        C:\Users\user\AppData\Roaming\Zoom\zoom_install_src\zUpdater.exe

                                        Download File
                                        Process:C:\Users\user\AppData\Roaming\Zoom\ZoomDownload\Installer.exe
                                        File Type:PE32+ executable (GUI) x86-64, for MS Windows
                                        Category:dropped
                                        Size (bytes):188728
                                        Entropy (8bit):6.442298587647824
                                        Encrypted:false
                                        SSDEEP:
                                        MD5:B6ECA482F7CCC754C54F5AF178D7B0B3
                                        SHA1:FB9CECB4340987AD3218C902300C0D9702C1E686
                                        SHA-256:F7431362F7CE83425D6FA80ECC5A4353410FD53CE5371D3A0977AC61067A6FFE
                                        SHA-512:F981CC54E2C8EEC6E9C441D8C870DAEF2332D2AC68FF32063DBBC3BE4A9E602C066E79A2841A2022BF8F623DAE7E6049F3D271ACE67597F9F66CD79D825D87D9
                                        Malicious:false
                                        Reputation:unknown
                                        Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.............}..}..}..|..}..|.6.}..x..}..y..}..~..}..y..}..~..}..x.1.}.s.t..}.s....}.....}.s....}.Rich..}.................PE..d....wg.........."......~........... .........@....................................Y.....`.................................................`J..........x...............8_..........$$..p...........................P...8....................H..`....................text....}.......~.................. ..`.rdata..............................@..@.data.... ...`.......J..............@....pdata...............X..............@..@.didat..8............p..............@..._RDATA...............r..............@..@.rsrc...x............t..............@..@.reloc...............z..............@..B........................................................................................................................................................

                                        C:\Users\user\AppData\Roaming\Zoom\zoom_install_src\zVideoApp.dll

                                        Download File
                                        Process:C:\Users\user\AppData\Roaming\Zoom\ZoomDownload\Installer.exe
                                        File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                        Category:dropped
                                        Size (bytes):8389432
                                        Entropy (8bit):6.369217632886168
                                        Encrypted:false
                                        SSDEEP:
                                        MD5:0F2BF5AAA8D0DAF041182C5259B266B0
                                        SHA1:3D14525EA73DCCDB8289D291362E6C2163537090
                                        SHA-256:D83B880A733DF89D2AF2B8E19B5D78340611D946876FE37CC9805D661107A364
                                        SHA-512:1F28312C4D95D36F613FF0B1BEAE59FEDF0C08E3A2CC30952A6398B1F95499A38FE397313C0D83F41D7BE6DE0C18A5CD65ECB364BB68987401389EF11727C955
                                        Malicious:false
                                        Reputation:unknown
                                        Preview:MZ......................@...................................0...........!..L.!This program cannot be run in DOS mode....$.......8..|e..|e..|e..u...he......te......xe......^e......ze..'...}e..'...je.....~e......e.....he.....me..|e..0m.....?d.....}e...p.}e..|e..}e.....}e..Rich|e..................PE..d.....wg.........." ......Y..~&.....0.W......................................`.......C....`A........................................p.r.`.....r.l.....~.h.....z.........8_....~.$....^d.T....................`d.(...._d.8.............Y.07...........................text...|.Y.......Y................. ..`.rdata........Y.......Y.............@..@.data....'....t.......t.............@....pdata........z......Jz.............@..@.rsrc...h.....~.......~.............@..@.reloc..$.....~.......~.............@..B................................................................................................................................................................................................

                                        C:\Users\user\AppData\Roaming\Zoom\zoom_install_src\zVideoUI.dll

                                        Download File
                                        Process:C:\Users\user\AppData\Roaming\Zoom\ZoomDownload\Installer.exe
                                        File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                        Category:dropped
                                        Size (bytes):13654840
                                        Entropy (8bit):6.201421222345533
                                        Encrypted:false
                                        SSDEEP:
                                        MD5:4996C9267CAD89CFC9F2A3941F6B4018
                                        SHA1:58E59A1D9985A18FABEDECBCB0BB83279BF3C311
                                        SHA-256:4C11F71A44B9EF8A31F3C80B7389242C3A6A4C50424E049D88A80F28737219DD
                                        SHA-512:6627B3C350E86D89911A9758048E3DC4F8EB4444B4795B64F8FB1C8E2E69679F6CB31F58499C047D611C5FBECDB3891C286274C6E60CA0B56A3B037A85B72031
                                        Malicious:false
                                        Reputation:unknown
                                        Preview:MZ......................@...................................0...........!..L.!This program cannot be run in DOS mode....$........W.o.6.<.6.<.6.<.N.<.6.<.C.=.6.<.C.=.6.<.C.=.6.<.C.=.6.<.^.=.6.<.^.=.6.<.^.=.6.<.^.=.6.<lC.=.6.<.6.<./.<oC.=.6.<lC.=.5.<lC.=.6.<lCe<.6.<.6.<.6.<lC.=.6.<Rich.6.<................PE..d.....wg.........." .....v...\I....................................................c.....`A.............................................T......p.......p....p...:......8_.......D......p.......................(.....8............................................text....u.......v.................. ..`.rdata....:.......:..z..............@..@.data...............................@....pdata...:...p...:...t..............@..@.rsrc...p...........................@..@.reloc...D.......F..................@..B................................................................................................................................................................................................

                                        C:\Users\user\AppData\Roaming\Zoom\zoom_install_src\zWBUI.dll

                                        Download File
                                        Process:C:\Users\user\AppData\Roaming\Zoom\ZoomDownload\Installer.exe
                                        File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                        Category:dropped
                                        Size (bytes):430904
                                        Entropy (8bit):6.089544089981983
                                        Encrypted:false
                                        SSDEEP:
                                        MD5:0E31DE221AB2F1EFEDD36D6C01C2CF6E
                                        SHA1:CA44DC39A0DB8C7B07F0A0DB9D3A912D98995423
                                        SHA-256:687394DB71DF361BDA29A32A6FCFA5A141F65530FC3827C26CB92D029FD6C089
                                        SHA-512:828E7B2610CD7A4FDE8D56C5DCEE5AF4E08B87D2EC263F0E36CDC9D90EF68259F82C775DBAFB0D13637A31811BCAC1B9C5C0DAEA355D9F9574E5C8FDB70FB42B
                                        Malicious:false
                                        Reputation:unknown
                                        Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.........G...)_..)_..)_..._..)_..-^..)_..*^..)_..,^..)_..(^..)_z.(^..)_c.(^..)_..(_u.)_c. ^..)_c.)^..)_c.._..)_..._..)_c.+^..)_Rich..)_........PE..d...t.wg.........." .........l..............................................p............`A............................................x.......T.... ..........t....4..8_...0.. 6..P...p.......................(.......8............................................text...\........................... ..`.rdata..............................@..@.data....U.......P..................@....pdata..t........ ..................@..@.rsrc........ ......................@..@.reloc.. 6...0...8..................@..B........................................................................................................................................................................................................................................

                                        C:\Users\user\AppData\Roaming\Zoom\zoom_install_src\zWBUIRes.dll

                                        Download File
                                        Process:C:\Users\user\AppData\Roaming\Zoom\ZoomDownload\Installer.exe
                                        File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                        Category:dropped
                                        Size (bytes):325944
                                        Entropy (8bit):5.8814980345359675
                                        Encrypted:false
                                        SSDEEP:
                                        MD5:819EA2980049A727FE7F2A4BE21208F8
                                        SHA1:9BE95BE924AB241DB83C0EFB6CABC2F7C2BAFF77
                                        SHA-256:38F5DC5F4642764CED2FB4091B26E49BBDB65B4C7BF73A2C5A3115B280383A57
                                        SHA-512:4E6EDA6123E428C1A80B43EA8DA0AF1D460AA1FF41757A082E7ED9750D7220CBA2AEF1D5B7B4A94DA4085C966EBF3D8EAEBC1CEAA5BC22784F043A8F5CF17A00
                                        Malicious:false
                                        Reputation:unknown
                                        Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......@...................V......V......V......V...............%.........|.................Rich...........PE..d....wg.........." ................`...............................................$.....`A.................................................(..P....P..8u...@..........8_......(....!..p............................"..8............ ...............................text............................... ..`.rdata....... ......................@..@.data...H....0......................@....pdata.......@....... ..............@..@.rsrc...8u...P...v..."..............@..@.reloc..(...........................@..B........................................................................................................................................................................................................................................................

                                        C:\Users\user\AppData\Roaming\Zoom\zoom_install_src\zWebService.dll

                                        Download File
                                        Process:C:\Users\user\AppData\Roaming\Zoom\ZoomDownload\Installer.exe
                                        File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                        Category:dropped
                                        Size (bytes):7647544
                                        Entropy (8bit):6.430984179864309
                                        Encrypted:false
                                        SSDEEP:
                                        MD5:1AC1F96550B6FD7FACC753DB4835814F
                                        SHA1:1771D0D06A235CD312FA585A02E044FDCED52E5B
                                        SHA-256:ACD9F148FF79D2B7FC3EB03FDAEC9627681F2068247EE5385B320AD01F1F982D
                                        SHA-512:48FBF0B9C5F6F64372F2110B221DFDF4EDB8D677DCB8072F24668EDA70320A30088590D7E748F802C581FA1D3DD097695A06F2D6FEEF83817E7E555130C26EEC
                                        Malicious:false
                                        Reputation:unknown
                                        Preview:MZ......................@...................................8...........!..L.!This program cannot be run in DOS mode....$........9.UX..UX..UX..\ 4.AX..37Z.QX...-..]X...-..QX...-..wX...-..SX...-..4X...(..DX...-..WX...0..CX...-..XX..UX...\...-...X...-..TX...-X.TX..UX0.TX...-..TX..RichUX..........................PE..d...A.wg.........." .....ZY..........;S.......................................u......?u...`A..........................................l.......l.......t.h.....q......Rt.8_....t.,...0.c.p.....................c.(.....c.8............pY.(............................text....XY......ZY................. ..`.rdata..(F...pY..H...^Y.............@..@.data.........m.......m.............@....pdata........q.......p.............@..@.rsrc...h.....t......vs.............@..@.reloc..,.....t......|s.............@..B........................................................................................................................................................................................

                                        C:\Users\user\AppData\Roaming\Zoom\zoom_install_src\zWebview2Agent.exe

                                        Download File
                                        Process:C:\Users\user\AppData\Roaming\Zoom\ZoomDownload\Installer.exe
                                        File Type:PE32+ executable (GUI) x86-64, for MS Windows
                                        Category:dropped
                                        Size (bytes):891704
                                        Entropy (8bit):6.3581777568486215
                                        Encrypted:false
                                        SSDEEP:
                                        MD5:6BF8821AA6B858D4D27CB26C6C3E6198
                                        SHA1:838A2FBC7D4A7388F915210EF5103082B7B83C14
                                        SHA-256:53785A724573CDE0EFA17F137D2C3FEA8BD4EBE479B29F000D26A60520F052F7
                                        SHA-512:9483CAF2F3DA8769870689EF0090E9F89410B16B99DD78B02745658FCFA11FBBAD50C280B353AA6FDE306C3D244469A5B1E1555CE1862488F447D8A3284CAD04
                                        Malicious:false
                                        Reputation:unknown
                                        Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......S..............p....E.....E.....E..2..E.....q...................................?..........t.........Rich...........PE..d.....wg.........."..................J.........@....................................v.....`..................................................=..0.......X.......(;...<..8_..............p.......................(...P...8............................................text...+........................... ..`.rdata..@H.......J..................@..@.data....k.......,..................@....pdata..(;.......<..................@..@.rsrc...X............X..............@..@.reloc...............(..............@..B........................................................................................................................................................................................................................

                                        C:\Users\user\AppData\Roaming\Zoom\zoom_install_src\zWinRes.dll

                                        Download File
                                        Process:C:\Users\user\AppData\Roaming\Zoom\ZoomDownload\Installer.exe
                                        File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                        Category:dropped
                                        Size (bytes):10146104
                                        Entropy (8bit):6.146583290261212
                                        Encrypted:false
                                        SSDEEP:
                                        MD5:1DE162CA95C192B5FB9CEA71FBBCBAD7
                                        SHA1:69223BF8E3F22EA2F9B9184B6182ACB77864CFC5
                                        SHA-256:4850D21104B644E8215FAF3A0AC02DF08CA304BD41197D77A7D8C21C85EC9FB9
                                        SHA-512:876F2DCD39B6B6348020E82313F60EFC5C2E0F16987F6E11A410D69D8C0D0C75307BF8BE18936A0011912DC492A25C084E009C62599CB0603F4BF99CA4FF72E6
                                        Malicious:false
                                        Reputation:unknown
                                        Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$..........i..{:..{:..{:...:..{:..z;..{:..~;..{:...;..{:..x;..{:..z;..{:..z:..{:].r;..{:].:..{:...:..{:].y;..{:Rich..{:................PE..d.....wg.........." .........f......`...............................................B....`A.................................................(..P....P...L...@.......r..8_......(....!..p............................"..8............ ...............................text............................... ..`.rdata....... ......................@..@.data...H....0......................@....pdata.......@....... ..............@..@.rsrc....L...P...N..."..............@..@.reloc..(............p..............@..B................................................................................................................................................................................................................................................

                                        C:\Users\user\AppData\Roaming\Zoom\zoom_install_src\zlt.dll

                                        Download File
                                        Process:C:\Users\user\AppData\Roaming\Zoom\ZoomDownload\Installer.exe
                                        File Type:PE32+ executable (DLL) (console) x86-64, for MS Windows
                                        Category:dropped
                                        Size (bytes):6079800
                                        Entropy (8bit):6.670116185695105
                                        Encrypted:false
                                        SSDEEP:
                                        MD5:E5922AE551090142DA401A130CBC2BCD
                                        SHA1:640F55AD8CFC1D2D647D22F9FE8C088CD66D547F
                                        SHA-256:3C4D0CBCAE074EBA1A8A82F2AE1C5D8216D8A0E032209B61C16AF9C2AD042B32
                                        SHA-512:F65DD1A0DE2D2BCC5CEF3C8505FA04613E8DAA421E3768523F70151BF38E850E9CF4E77A4F8D5AFD893DD428905250F3BBB13CAF9A71E83ACD19EB1C5031F499
                                        Malicious:false
                                        Reputation:unknown
                                        Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......#.g...g...g...n.H.w...<...f...5...a...5...x...5...o...5...c...<...v...g...P...g...(..............f.....$.f...g.L.f.......f...Richg...........PE..d...n.wg.........." .....ZJ...........I......................................P].....Z.]...`A........................................@oZ..... qZ.|.....].......[..}...f\.8_... ]..%...VW.p....................XW.(....WW.8.............J..............................rodata..E.......F.................. ..`.text.....7..`....7..J.............. ..`.rdata..,.....J......^J.............@..@.data.........Z..D...xZ.............@....pdata...}....[..~....Z.............@..@.rsrc.........]......:\.............@..@.reloc...%... ]..&...@\.............@..B........................................................................................................................................................................................

                                        C:\Users\user\AppData\Roaming\Zoom\zoom_install_src\zm_conf_universal_ui.dll

                                        Download File
                                        Process:C:\Users\user\AppData\Roaming\Zoom\ZoomDownload\Installer.exe
                                        File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                        Category:dropped
                                        Size (bytes):245560
                                        Entropy (8bit):6.249051679043597
                                        Encrypted:false
                                        SSDEEP:
                                        MD5:03241506004D99FEFB8426147D9F15C2
                                        SHA1:554562990F4208B6DCC3732E1AC0C6EAA3B2501A
                                        SHA-256:45F6B9BA9E8F2D9C613319254466FDA20EA6EAA947B394FC02F5C7D81351AD78
                                        SHA-512:998C65485DBBE73F5CCEEAA3978EFF4A50D8CC4C54659BE8AED70896BB5D4F56F42120F2F8D53BC9DE8B89C200E0A625C63A716E38C1AC746070EAE3C6B358A7
                                        Malicious:false
                                        Reputation:unknown
                                        Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.........M...........J.....................................................................&.....N...........Rich...................PE..d...".wg.........." .........`......................................................'.....`A.........................................................p..h....P.......`..8_..............T...............................8............ ...............................text............................... ..`.rdata..2.... ......................@..@.data...x8.......&..................@....pdata.......P.......(..............@..@.rsrc...h....p.......F..............@..@.reloc...............L..............@..B................................................................................................................................................................................................................................

                                        C:\Users\user\AppData\Roaming\Zoom\zoom_install_src\zmb.dll

                                        Download File
                                        Process:C:\Users\user\AppData\Roaming\Zoom\ZoomDownload\Installer.exe
                                        File Type:PE32+ executable (DLL) (console) x86-64, for MS Windows
                                        Category:dropped
                                        Size (bytes):1159992
                                        Entropy (8bit):6.47317398047003
                                        Encrypted:false
                                        SSDEEP:
                                        MD5:FA1DC1B58E4E3596EC415D4AC2C4D7B0
                                        SHA1:ADA4E7812A0EA9407BB93B939601F9328C5F1890
                                        SHA-256:B9C003247137372F3FADC1DCA996FF8E88EA5C5CA44743B191FED237B398F8CE
                                        SHA-512:D9422901C2E323D08257506472287AB38F30BA0546C2624F08A180F5778973617C6DE058308C0DA6D672C010315172A4529937EB616754BD726B0E605779C27A
                                        Malicious:false
                                        Reputation:unknown
                                        Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$..........S..YS..YS..YZ.WYC..Y...XU..Y...XK..Y...X[..Y...XW..Y...XW..Y...XP..YS..YS..Y...X...Y...X...Y...XR..Y..;YR..YS.SYR..Y...XR..YRichS..Y........PE..d.....wg.........." .........R......`................................................&....`A.........................................s.......s..,...................T..8_...........C..p....................F..(...PD..8............ ..0............................text............................... ..`.rdata...s... ...t..................@..@.data...06.......0...~..............@....pdata.............................@..@.rsrc................B..............@..@.reloc...............H..............@..B................................................................................................................................................................................................................................

                                        C:\Users\user\AppData\Roaming\Zoom\zoom_install_src\zoombase_crypto_shared.dll

                                        Download File
                                        Process:C:\Users\user\AppData\Roaming\Zoom\ZoomDownload\Installer.exe
                                        File Type:PE32+ executable (DLL) (console) x86-64, for MS Windows
                                        Category:dropped
                                        Size (bytes):2071352
                                        Entropy (8bit):6.582518629557565
                                        Encrypted:false
                                        SSDEEP:
                                        MD5:AD09BDE95563CEF53143FE11B647312F
                                        SHA1:0EB18115DC7A9165665B59B42A1D94CDB1754BFD
                                        SHA-256:D0A6CFF9D99AE367C3126ED7F1D1C2C39B2D5E01339DCD207A078AE96193D01E
                                        SHA-512:19CF89B40E6F9AFA72ACA823118BB809DA1C207CB9BA935E7AAF309A31B25F5F17A6D1A12686CF51E6BCCFF7B4362C4BB9EAAF0347207CA7AFDFD3D29F3B5443
                                        Malicious:false
                                        Reputation:unknown
                                        Preview:MZ......................@...................................(...........!..L.!This program cannot be run in DOS mode....$.................}...............................a..........e......#..b....b....b.......y....b....Rich...........................PE..d.....wg.........." .....z...........j............................................... ...`A................................................,H..........h....p.......<..8_..............T.......................(...p...8............................................text...Ly.......z.................. ..`.rdata...............~..............@..@.data...T........z..................@....pdata.......p......................@..@.rsrc...h............"..............@..@.reloc...............(..............@..B........................................................................................................................................................................................................

                                        C:\Users\user\AppData\Roaming\Zoom\zoom_install_src\zzhost.dll

                                        Download File
                                        Process:C:\Users\user\AppData\Roaming\Zoom\ZoomDownload\Installer.exe
                                        File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                        Category:dropped
                                        Size (bytes):382776
                                        Entropy (8bit):5.742089869751085
                                        Encrypted:false
                                        SSDEEP:
                                        MD5:D7AB0210278961DB0434B2F95A044A00
                                        SHA1:8A97C08924D3C3B3D5EB6D6FD8888E1276854A49
                                        SHA-256:2F2F8728BCB9DCA4F829AFD8800EA415E23B079F132DB4338121B09505C4CA06
                                        SHA-512:16D2C8F9DB12CB437420B1D37FE9ECC9E8B68A46A855A1276E33C2857A7DB06A101C8CC9207F792C600C69F8DA30CED9198369817FF52739E6B30F5D70AB8943
                                        Malicious:false
                                        Reputation:unknown
                                        Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........`\]I.2.I.2.I.2..t6.A.2..t1.M.2..t7.R.2..t3.O.2.]j5.H.2.]j6.H.2..t3.M.2.@y..i.2.]j3.N.2.I.3.Q.2..t;.k.2..t2.H.2..t..H.2.I...H.2..t0.H.2.RichI.2.........PE..d...%.wg.........." .....:...F...... .....................................................`A............................................@...P2..........h....p..P%...x..8_...... ...@...p.......................(.......8............P...............................text...z8.......:.................. ..`.rdata.......P.......>..............@..@.data........`.......H..............@....pdata..P%...p...&...F..............@..@.rsrc...h............l..............@..@.reloc.. ............r..............@..B........................................................................................................................................................................................................................

                                        C:\Users\user\Downloads\2d992bd7-d94b-4d83-9390-a0e8c5c8b1c4.tmp

                                        Download File
                                        Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                        File Type:PE32 executable (GUI) Intel 80386, for MS Windows
                                        Category:dropped
                                        Size (bytes):10061
                                        Entropy (8bit):6.241826473528205
                                        Encrypted:false
                                        SSDEEP:
                                        MD5:536ED740048545BA9862EC8A8B020278
                                        SHA1:7C1BBCAF641E43ADFDE3617FE075BE6845987E03
                                        SHA-256:93EC5E1FC7F3FEF1EC148CE0290736C812B88E68ED43558C9F849921C2C305AD
                                        SHA-512:E5670F382E7F825B4DE3C657C6E0BD09590360AA150D3A18CBADE424BA9FB6CD4881F998F73E9634307E49C8741270082E7B065683E03BE318243164D3EEB528
                                        Malicious:false
                                        Reputation:unknown
                                        Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......t..0...0...0...k..1...k...!...0......b..>...b..<...b.. ...k..7...k..E...k..$...............1.......1...Rich0...........PE..L...._g.............................t............@.......................................@................................. 1..........x............h..8_...........(..p........................... ...@...............H..../..`....................text.............................. ..`.rdata..............................@..@.data........P.......2..............@....didat..(....p.......<..............@....rsrc...x............>..............@..@.reloc...............N..............@..B................................................................................................................................................................................................................................................................

                                        C:\Users\user\Downloads\Unconfirmed 201182.crdownload

                                        Download File
                                        Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                        File Type:PE32 executable (GUI) Intel 80386, for MS Windows
                                        Category:dropped
                                        Size (bytes):182072
                                        Entropy (8bit):6.8107383176660115
                                        Encrypted:false
                                        SSDEEP:
                                        MD5:84928D50CA36826F9190E141AA8F2CFB
                                        SHA1:3F1C682ECA0C9D5B49BFD9ABD41E542E52DF5B68
                                        SHA-256:1ED09BAE10F2216D76D9F3E914D04952C186CB1B23A19574F92D0D014A9F4F05
                                        SHA-512:C9771835B2809CAEB5D9CD6791D2FD99375F88881D43BEEEEE644C417AD9E53884B266EB01DDD6860375D02499F9686C563DF39B8425A7141D476B5E730F435F
                                        Malicious:false
                                        Antivirus:
                                        • Antivirus: ReversingLabs, Detection: 0%
                                        Reputation:unknown
                                        Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......t..0...0...0...k..1...k...!...0......b..>...b..<...b.. ...k..7...k..E...k..$...............1.......1...Rich0...........PE..L...._g.............................t............@.......................................@................................. 1..........x............h..8_...........(..p........................... ...@...............H..../..`....................text.............................. ..`.rdata..............................@..@.data........P.......2..............@....didat..(....p.......<..............@....rsrc...x............>..............@..@.reloc...............N..............@..B................................................................................................................................................................................................................................................................

                                        C:\Users\user\Downloads\Zoom_cm_fotiZ9vvrZo4_mJGohcJr5Wi4nh-+oH9qDAdNxPgV4bAl8sJE@Ya299Uo3BvkVZYb-_ke7c3d59090895be7_.exe (copy)

                                        Download File
                                        Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                        File Type:PE32 executable (GUI) Intel 80386, for MS Windows
                                        Category:dropped
                                        Size (bytes):0
                                        Entropy (8bit):0.0
                                        Encrypted:false
                                        SSDEEP:
                                        MD5:84928D50CA36826F9190E141AA8F2CFB
                                        SHA1:3F1C682ECA0C9D5B49BFD9ABD41E542E52DF5B68
                                        SHA-256:1ED09BAE10F2216D76D9F3E914D04952C186CB1B23A19574F92D0D014A9F4F05
                                        SHA-512:C9771835B2809CAEB5D9CD6791D2FD99375F88881D43BEEEEE644C417AD9E53884B266EB01DDD6860375D02499F9686C563DF39B8425A7141D476B5E730F435F
                                        Malicious:false
                                        Reputation:unknown
                                        Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......t..0...0...0...k..1...k...!...0......b..>...b..<...b.. ...k..7...k..E...k..$...............1.......1...Rich0...........PE..L...._g.............................t............@.......................................@................................. 1..........x............h..8_...........(..p........................... ...@...............H..../..`....................text.............................. ..`.rdata..............................@..@.data........P.......2..............@....didat..(....p.......<..............@....rsrc...x............>..............@..@.reloc...............N..............@..B................................................................................................................................................................................................................................................................

                                        C:\Users\user\Downloads\zopener_8a4800ea0a3f43f4bafd7706c1a4e7ee.log

                                        Download File
                                        Process:C:\Users\user\Downloads\Zoom_cm_fotiZ9vvrZo4_mJGohcJr5Wi4nh-+oH9qDAdNxPgV4bAl8sJE@Ya299Uo3BvkVZYb-_ke7c3d59090895be7_.exe
                                        File Type:ASCII text, with very long lines (520), with CRLF, LF line terminators
                                        Category:modified
                                        Size (bytes):6826
                                        Entropy (8bit):5.723132112630467
                                        Encrypted:false
                                        SSDEEP:
                                        MD5:2D08E89B228C9DA254A5B61CF4B6758F
                                        SHA1:01C987ABCE29421C5282816E20504AA78EFB4E88
                                        SHA-256:F3F17C19F37834B92AC6A980CEE9D515091810F31D9409DB08739164FF15C97B
                                        SHA-512:0FA08A708713A4B1EF24E041E445554097F7F185A6D7EFFC4685440582EF2F3371D0E0B92F2713A2827AB6E1719261FDFC29A5D934409ADEEB35219CA65526BA
                                        Malicious:false
                                        Reputation:unknown
                                        Preview:[7684:7688:2025-1-9 18:46:40.185] Main Start.[7684:7688:2025-1-9 18:46:40.185] Command line:"C:\Users\user\Downloads\Zoom_cm_fotiZ9vvrZo4_mJGohcJr5Wi4nh-+oH9qDAdNxPgV4bAl8sJE@Ya299Uo3BvkVZYb-_ke7c3d59090895be7_.exe" /normal.priviledge Instance:0x340000 Show State:1.[7684:7688:2025-1-9 18:46:40.249] Zoo.[7684:7708:2025-1-9 18:46:40.249] [process_requst] start, url:https://ubc.zoom.us/conf/launch.[7684:7708:2025-1-9 18:46:41.144] [req_state_read_status_code] zHttpQueryInfo complete, status:200.[7684:7708:2025-1-9 18:46:41.144] [req_state_read_status_code] zHttpQueryInfo complete, status:200 Error: 0.[7684:7708:2025-1-9 18:46:41.144] [read_response_content] API call zHttpQueryInfo failed, error: 12150.[7684:7708:2025-1-9 18:46:41.160] [log_response_content] Content length (1048576 as unknown):1048576 , Total read: 2395 , Error No: 0 , Status code: 200.[7684:7708:2025-1-9 18:46:41.160] [log_response_content] header:.[7684:7708:2025-1-9 18:46:41.160] HTTP/1.1 200 OK..Date: Thu, 09 Jan 2025

                                        Chrome Cache Entry: 409

                                        Download File
                                        Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                        File Type:Unicode text, UTF-8 text, with very long lines (18338)
                                        Category:downloaded
                                        Size (bytes):81007
                                        Entropy (8bit):5.502940052982104
                                        Encrypted:false
                                        SSDEEP:
                                        MD5:CBE1343F6D0BB25C834ED945BF359002
                                        SHA1:44697AE04C01BF9B4DC5C132E4C8F22F6C43DD42
                                        SHA-256:6C771B56F5A8B03487BCA289A9395677ED52E179C8A06169D26B0F14C152E0BF
                                        SHA-512:28441D6BAF2C1A24F21B02923F56142438E3F60EFFB4B8673EE76C92B23D00BB32701662D6479E32D9D4DEBC6C9A2AB1FE2BD603EA8893A0181C741CED52B270
                                        Malicious:false
                                        Reputation:unknown
                                        URL:https://us01ccistatic.zoom.us/us01cci/web-sdk/chat-client.js
                                        Preview:(function(){"use strict";var xr;var kt=typeof globalThis<"u"?globalThis:typeof window<"u"?window:typeof global<"u"?global:typeof self<"u"?self:{};function Lt(e){return e&&e.__esModule&&Object.prototype.hasOwnProperty.call(e,"default")?e.default:e}var $t={exports:{}};(function(e,t){(function(r,o){e.exports=o()})(kt,function(){var r=1e3,o=6e4,n=36e5,s="millisecond",i="second",c="minute",u="hour",d="day",l="week",a="month",h="quarter",f="year",m="date",b="Invalid Date",S=/^(\d{4})[-/]?(\d{1,2})?[-/]?(\d{0,2})[Tt\s]*(\d{1,2})?:?(\d{1,2})?:?(\d{1,2})?[.:]?(\d+)?$/,E=/\[([^\]]+)]|Y{1,4}|M{1,4}|D{1,2}|d{1,4}|H{1,2}|h{1,2}|a|A|m{1,2}|s{1,2}|Z{1,2}|SSS/g,z={name:"en",weekdays:"Sunday_Monday_Tuesday_Wednesday_Thursday_Friday_Saturday".split("_"),months:"January_February_March_April_May_June_July_August_September_October_November_December".split("_"),ordinal:function(_){var y=["th","st","nd","rd"],g=_%100;return"["+_+(y[(g-20)%10]||y[g]||y[0])+"]"}},O=function(_,y,g){var C=String(_);return!C||C.l

                                        Chrome Cache Entry: 411

                                        Download File
                                        Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                        File Type:JSON data
                                        Category:downloaded
                                        Size (bytes):69
                                        Entropy (8bit):4.057426088150192
                                        Encrypted:false
                                        SSDEEP:
                                        MD5:B04CD3F8043EF04F417D4B0E4BCBBC03
                                        SHA1:88F259A4AE3045409B3657E7D7A791D321BA9DCE
                                        SHA-256:59E58524340CD7AD353BE010374B124C242FDDE10A0ED41047FE2FD4BB9E5A2E
                                        SHA-512:A285C493B939D2A165D80F87FC830F5D02AFCC7A8EA1C5CAF9CAA87ABD286F1C98598FFD83023044BDB23D344C60EEF6A6C4BFEDEDD42A4297A0AC09E22FA5B2
                                        Malicious:false
                                        Reputation:unknown
                                        URL:https://geolocation.onetrust.com/cookieconsentpub/v1/geo/location
                                        Preview:{"country":"US","state":"NY","stateName":"New York","continent":"NA"}

                                        Chrome Cache Entry: 416

                                        Download File
                                        Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                        File Type:ASCII text, with very long lines (1114)
                                        Category:dropped
                                        Size (bytes):1392922
                                        Entropy (8bit):5.382713496300294
                                        Encrypted:false
                                        SSDEEP:
                                        MD5:50F5F1520ECD14BC7C6EC8A33B66C641
                                        SHA1:0F698A28E869151FAEF55D932D7E5CBAFFC8D8EC
                                        SHA-256:EC92D95885B91D0D4A8E44684AD99D449265346B9CE1AEF1ABB47B868CAF3027
                                        SHA-512:3E42B33D890731476C98EDA1B38552C81DCB5330FA578E7F1170F5D083B63A1AF7D8690521593592ACB91EBFDD7D5280BE87140DB01B04699010EA0C631F49A6
                                        Malicious:false
                                        Reputation:unknown
                                        Preview:var s_ = Object.defineProperty;.var i = (e, t) => s_(e, "name", { value: t, configurable: !0 });.function l_(e, t) {. for (var a = 0; a < t.length; a++) {. const n = t[a];. if (typeof n != "string" && !Array.isArray(n)) {. for (const r in n). if (r !== "default" && !(r in e)) {. const o = Object.getOwnPropertyDescriptor(n, r);. o && Object.defineProperty(e, r, o.get ? o : {. enumerable: !0,. get: /* @__PURE__ */ i(() => n[r], "get"). });. }. }. }. return Object.freeze(Object.defineProperty(e, Symbol.toStringTag, { value: "Module" }));.}.i(l_, "_mergeNamespaces");.var Ka = typeof globalThis < "u" ? globalThis : typeof window < "u" ? window : typeof global < "u" ? global : typeof self < "u" ? self : {};.function bn(e) {. return e && e.__esModule && Object.prototype.hasOwnProperty.call(e, "default") ? e.default : e;.}.i(bn, "getDefaultExportFromCjs");.function c_(e) {. if (e.__esModule) return e;. var t = e

                                        Chrome Cache Entry: 418

                                        Download File
                                        Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                        File Type:ASCII text, with no line terminators
                                        Category:dropped
                                        Size (bytes):80
                                        Entropy (8bit):4.33221219626569
                                        Encrypted:false
                                        SSDEEP:
                                        MD5:1AE6B27EBA211F4CFCD99B904DA88BB7
                                        SHA1:53CA38F083C4A21F2EDA633EC304CB4582EDEDA2
                                        SHA-256:961635B4E9661208EC118D285B3AC1DBF9F3CC96CDDC97F30E55CD2C6566448C
                                        SHA-512:7DD325AB05B1A419614C2C39224C11E1388F09BCA5EA0F56811E6842B4FB243BCB53AA2BDDE00A94FBC324222B47924152C183337EB390F58C59AC80E89593B6
                                        Malicious:false
                                        Reputation:unknown
                                        Preview:jsonFeed({"country":"US","state":"NY","stateName":"New York","continent":"NA"});

                                        Chrome Cache Entry: 421

                                        Download File
                                        Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                        File Type:Unicode text, UTF-8 text, with very long lines (31575)
                                        Category:downloaded
                                        Size (bytes):31909
                                        Entropy (8bit):5.488789123222785
                                        Encrypted:false
                                        SSDEEP:
                                        MD5:EE6E48B4073D72AE88A31205FBBC3CA7
                                        SHA1:ADE6A96848805A36D898D53E90804E75D86CC8BE
                                        SHA-256:781331C091B62243CA57852A71DB442D0B37E50BB41114407C01E5A535516C50
                                        SHA-512:FF497D02627040ECD6CDAD3C2C1139ADDCF3864F2CEF98B2ED787B34393E7DFBD3859977F11BCCC5FA99D513FF3875011DB6D5E0265DC2D6BE5680BC489F6551
                                        Malicious:false
                                        Reputation:unknown
                                        URL:https://ca01st3.zoom.us/static/6.3.29842/js/lib/fingerprintjs-3.3.3.min.js
                                        Preview:/**. * FingerprintJS v3.3.3 - Copyright (c) FingerprintJS, Inc, 2022 (https://fingerprintjs.com). * Licensed under the MIT (http://www.opensource.org/licenses/mit-license.php) license.. *. * This software contains code from open-source projects:. * MurmurHash3 by Karan Lyons (https://github.com/karanlyons/murmurHash3.js). */.!function(e,t){"object"==typeof exports&&"undefined"!=typeof module?t(exports):"function"==typeof define&&define.amd?define(["exports"],t):t((e="undefined"!=typeof globalThis?globalThis:e||self).FingerprintJS={})}(this,(function(e){"use strict";var t=function(){return t=Object.assign||function(e){for(var t,n=1,r=arguments.length;n<r;n++)for(var a in t=arguments[n])Object.prototype.hasOwnProperty.call(t,a)&&(e[a]=t[a]);return e},t.apply(this,arguments)};function n(e,t,n,r){return new(n||(n=Promise))((function(a,o){function i(e){try{u(r.next(e))}catch(t){o(t)}}function c(e){try{u(r.throw(e))}catch(t){o(t)}}function u(e){var t;e.done?a(e.value):(t=e.value,t instanceof

                                        Chrome Cache Entry: 423

                                        Download File
                                        Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                        File Type:HTML document, ASCII text, with very long lines (5313)
                                        Category:downloaded
                                        Size (bytes):6421
                                        Entropy (8bit):5.340032459736512
                                        Encrypted:false
                                        SSDEEP:
                                        MD5:224BA3D16A1DB8D8F73330E47CF25715
                                        SHA1:2EB64AB8A16E57BB6C63821137C60C8867372C8D
                                        SHA-256:FA9B26738C2E9625C68571C4B3BC3F60DC8297E2D03836CF9E0C51880411019F
                                        SHA-512:CE6DB0CCD1CD0742ED1B9EB275038C94E2448559BBE150426BC3E88EF7CAE0AD067CFCC1C3DF6B7E9602550ADF8FB96054FFBE75EE26EEF60FCB026EBFE238D1
                                        Malicious:false
                                        Reputation:unknown
                                        URL:https://us01ccistatic.zoom.us/us01cci/web-sdk/cross-storage.html
                                        Preview:<!DOCTYPE html>.<html lang="en">. <head>. <meta charset="UTF-8" />. <meta name="viewport" content="width=device-width, initial-scale=1.0" />. <title>Livesdk</title>. <script type="module" crossorigin>.(function(){const t=document.createElement("link").relList;if(t&&t.supports&&t.supports("modulepreload"))return;for(const r of document.querySelectorAll('link[rel="modulepreload"]'))s(r);new MutationObserver(r=>{for(const o of r)if(o.type==="childList")for(const a of o.addedNodes)a.tagName==="LINK"&&a.rel==="modulepreload"&&s(a)}).observe(document,{childList:!0,subtree:!0});function n(r){const o={};return r.integrity&&(o.integrity=r.integrity),r.referrerPolicy&&(o.referrerPolicy=r.referrerPolicy),r.crossOrigin==="use-credentials"?o.credentials="include":r.crossOrigin==="anonymous"?o.credentials="omit":o.credentials="same-origin",o}function s(r){if(r.ep)return;r.ep=!0;const o=n(r);fetch(r.href,o)}})();/**. * @license. * Copyright 2019 Google LLC. * SPDX-License-Identifier: Apa

                                        Chrome Cache Entry: 426

                                        Download File
                                        Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                        File Type:ASCII text, with very long lines (65450)
                                        Category:dropped
                                        Size (bytes):537970
                                        Entropy (8bit):5.856829338914414
                                        Encrypted:false
                                        SSDEEP:
                                        MD5:73AF84D01649473798B68E2407F960D4
                                        SHA1:F118A00C8B2D69AE4554EBFAE1DE03221F9EF27B
                                        SHA-256:E2E197A4570308C21AE58150D8FEA9D1832AC9936358C9E63A18567287DECC8E
                                        SHA-512:296F0BB2E8721F7AAC249B35EBE6D6534D20F00D1DD982814C2CF36D777ADE9AE4E9D8B5886C182263356DFAEC8333CEE8EE5EF1010F014891EE835870EA665E
                                        Malicious:false
                                        Reputation:unknown
                                        Preview:/*! For license information please see meeting.a80ce84ab3be18f8c06b.js.LICENSE.txt */.var ZoomLaunchUI;!function(){var e={1791:function(e){"use strict";function n(e){return"undefined"!=typeof Float32Array?function(){var n=new Float32Array([-0]),t=new Uint8Array(n.buffer),o=128===t[3];function a(e,o,a){n[0]=e,o[a]=t[0],o[a+1]=t[1],o[a+2]=t[2],o[a+3]=t[3]}function i(e,o,a){n[0]=e,o[a]=t[3],o[a+1]=t[2],o[a+2]=t[1],o[a+3]=t[0]}function r(e,o){return t[0]=e[o],t[1]=e[o+1],t[2]=e[o+2],t[3]=e[o+3],n[0]}function s(e,o){return t[3]=e[o],t[2]=e[o+1],t[1]=e[o+2],t[0]=e[o+3],n[0]}e.writeFloatLE=o?a:i,e.writeFloatBE=o?i:a,e.readFloatLE=o?r:s,e.readFloatBE=o?s:r}():function(){function n(e,n,t,o){var a=n<0?1:0;if(a&&(n=-n),0===n)e(1/n>0?0:2147483648,t,o);else if(isNaN(n))e(2143289344,t,o);else if(n>34028234663852886e22)e((a<<31|2139095040)>>>0,t,o);else if(n<11754943508222875e-54)e((a<<31|Math.round(n/1401298464324817e-60))>>>0,t,o);else{var i=Math.floor(Math.log(n)/Math.LN2);e((a<<31|i+127<<23|83886

                                        Chrome Cache Entry: 427

                                        Download File
                                        Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                        File Type:ASCII text, with very long lines (22445)
                                        Category:downloaded
                                        Size (bytes):22446
                                        Entropy (8bit):5.308335869867166
                                        Encrypted:false
                                        SSDEEP:
                                        MD5:CE4983A0A113AA01F62CE9F3E8C4D63D
                                        SHA1:4565E0AF74D87DAC4D4385BB4B754AC8861B75A9
                                        SHA-256:52E5401F96CA9A7FC38248BF9469BDC7006F53DE52D7ABFEC96F4A39CF665D6D
                                        SHA-512:9579AAEB38DDA33D30763D12545FECE367CFC0AAD662C6419156CC1694485839186F0FE6C74E84E4BA609A579C0019E9A27AE7631186EE3F94065F6E208AF928
                                        Malicious:false
                                        Reputation:unknown
                                        URL:https://cdn.cookielaw.org/scripttemplates/otSDKStub.js
                                        Preview:var OneTrustStub=(t=>{var a,o,r,e,l=new function(){this.optanonCookieName="OptanonConsent",this.optanonHtmlGroupData=[],this.optanonHostData=[],this.genVendorsData=[],this.vendorsServiceData=[],this.IABCookieValue="",this.oneTrustIABCookieName="eupubconsent",this.oneTrustIsIABCrossConsentEnableParam="isIABGlobal",this.isStubReady=!0,this.geolocationCookiesParam="geolocation",this.EUCOUNTRIES=["BE","BG","CZ","DK","DE","EE","IE","GR","ES","FR","IT","CY","LV","LT","LU","HU","MT","NL","AT","PL","PT","RO","SI","SK","FI","SE","GB","HR","LI","NO","IS"],this.stubFileName="otSDKStub",this.DATAFILEATTRIBUTE="data-domain-script",this.bannerScriptName="otBannerSdk.js",this.domPurifyScriptName="otDomPurify.js",this.mobileOnlineURL=[],this.isMigratedURL=!1,this.migratedCCTID="[[OldCCTID]]",this.migratedDomainId="[[NewDomainId]]",this.userLocation={country:"",state:"",stateName:""}},s=((g=y=y||{})[g.Days=1]="Days",g[g.Weeks=7]="Weeks",g[g.Months=30]="Months",g[g.Years=365]="Years",(g=e=e||{}).Name="O

                                        Chrome Cache Entry: 429

                                        Download File
                                        Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                        File Type:JSON data
                                        Category:dropped
                                        Size (bytes):6549
                                        Entropy (8bit):4.949898722798198
                                        Encrypted:false
                                        SSDEEP:
                                        MD5:E27046DCE354058D26DA10CBF80E006F
                                        SHA1:9E9EF938DB6DDA64393D2FA413BCC29C469282B8
                                        SHA-256:A47DD11DA2E0DDD463A3B74381FDDE1C6F137BFA02099DB02D9DFB8E11145389
                                        SHA-512:C95B6A2190DB0AFC0B80C0CD28BEB032764658DB459B7A547B72C90F0EB14BFF71DAADE4F3289948EE3A716BDFAFB81D993BB7194B6D6C0138B160A112EE9858
                                        Malicious:false
                                        Reputation:unknown
                                        Preview:{"CookieSPAEnabled":false,"CookieSameSiteNoneEnabled":false,"CookieV2CSPEnabled":false,"MultiVariantTestingEnabled":false,"UseV2":true,"MobileSDK":false,"SkipGeolocation":false,"ScriptType":"PRODUCTION","Version":"6.21.0","OptanonDataJSON":"b0bfa2ae-4058-4aef-8632-a5281ce4464a","GeolocationUrl":"https://geolocation.onetrust.com/cookieconsentpub/v1/geo/location","BulkDomainCheckUrl":"https://cookies-data.onetrust.io/bannersdk/v1/domaingroupcheck","RuleSet":[{"Id":"018e6326-944c-770b-9e87-74eaf48b0e06","Name":"Opt Out v1 - US Audience","Countries":["us"],"States":{},"LanguageSwitcherPlaceholder":{"de":"de","sv":"sv","ru":"ru","pt":"pt","ko":"ko","zh-tw":"zh-tw","it":"it","fr":"fr","zh-cn":"zh-cn","es":"es","default":"en","vi":"vi","ja":"ja","id-id":"id-id","pl":"pl","tr":"tr","nl":"nl"},"BannerPushesDown":false,"Default":false,"Global":false,"Type":"GENERIC","UseGoogleVendors":false,"VariantEnabled":false,"TestEndTime":null,"Variants":[],"TemplateName":"*Opt Out US Audience","Conditions"

                                        Static File Info

                                        No static file info